SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
BID:25318
Info
| Bugtraq ID: | 25318 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4377 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | Mar 13 2008 03:41AM |
| Credit: | Joey Mengele discovered this vulnerability. |
| Vulnerable: | NetWin SurgeMail 3.8k |
| Not Vulnerable: | |
Discussion
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.
SurgeMail 38k is vulnerable; other versions may also be affected.
Exploit / POC
The following exploit is available:
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- SurgeMail Homepage (Netwin)