Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
BID:22852
Info
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 22852 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-1637 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2007 12:00AM |
| Updated: | Nov 04 2008 01:45AM |
| Credit: | The original discoverer of this issue wishes to remain anonymous. It was reported to the vendor by iDefense. |
| Vulnerable: |
Ipswitch Ipswitch Collaboration Suite Premium Edition 2006.1 Ipswitch Ipswitch Collaboration Suite Premium Edition 2006.03 Ipswitch Ipswitch Collaboration Suite Premium Edition 2006 Ipswitch IMail Server 2006 Ipswitch IMail Plus 0 |
| Not Vulnerable: |
Ipswitch Ipswitch Collaboration Suite Standard Edition 2006.2 Ipswitch IMail Plus 2006.2 Ipswitch IMail 2006.2 |
Discussion
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Failed exploit attempts likely cause the application to crash.
Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable to these issues.
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Failed exploit attempts likely cause the application to crash.
Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable to these issues.
Exploit / POC
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
Solution:
The vendor has released fixes to address these issues. Please see the references for more information.
Solution:
The vendor has released fixes to address these issues. Please see the references for more information.
References
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
References:
References:
- IMail Server Homepage (Ipswitch)
- IMail/ICS 2006.2 Release Notes (Ipswitch)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- WhatsUp Small Business Home Page (Ipswitch)
- iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX (iDefense Labs
- Ipswitch Collaboration Suite SE 2006.2 Update (Ipswitch)