Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability

Bugtraq ID:	30970
Class:	Boundary Condition Error
CVE:	CVE-2008-4041
Remote:	Yes
Local:	No
Published:	Sep 02 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Jo�?£o Antunes
Vulnerable:	Softalk Mail Server 8.5.1
Not Vulnerable:

Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability

Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability

The following example command is available:

APPEND Ax5000 (UIDNEXT MESSAGES)

Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability

References:

• Vendor Homepage (Softalk)
  
• [AJECT] Softalk IMAP Server 8.5.1 DoS ([email protected])