Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability
BID:25762
Info
| Bugtraq ID: | 25762 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-5094 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | axis@ph4nt0m is credited with discovering this issue. |
| Vulnerable: | Ipswitch IMail 8.1, Ipswitch IMail 8.0.5, Ipswitch IMail 8.0.3, Ipswitch IMail 8.11, Ipswitch IMail 8.01 |
| Not Vulnerable: | |
Discussion
Ipswitch IMail Server is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Versions between Ipswitch IMail Server 8.01 and 8.11 are vulnerable to this issue; other versions may also be affected.
NOTE: This issue may be related to previously disclosed vulnerabilities in IMail, but due to a lack of information we cannot confirm this. We will update this BID as more information emerges.
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
- IMail Server Homepage (Ipswitch)