Signature Detail

IMAP: Ipswitch IMail LOGIN Special Character Buffer Overflow

This signature detects attempts to exploit a known vulnerability against the Ipswitch IMail IMAP server. The IMail Server does not perform sufficient boundary checking when processing the LOGIN command. By sending a specialty crafted LOGIN command with a username argument that is overly long and contains special characters, remote attackers can overflow a stack buffer and execute arbitrary code on a vulnerable host with System level privileges.

Extended Description

Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues.

Affected Products

• Ipswitch IMail 5.0.0
• Ipswitch IMail 5.0.5
• Ipswitch IMail 5.0.6
• Ipswitch IMail 5.0.7
• Ipswitch IMail 5.0.8
• Ipswitch IMail 6.0.0
• Ipswitch IMail 6.0.1
• Ipswitch IMail 6.0.2
• Ipswitch IMail 6.0.3
• Ipswitch IMail 6.0.4
• Ipswitch IMail 6.0.5
• Ipswitch IMail 6.0.6
• Ipswitch IMail 6.1.0
• Ipswitch IMail 6.2.0
• Ipswitch IMail 6.3.0
• Ipswitch IMail 6.4.0
• Ipswitch IMail 7.0.1
• Ipswitch IMail 7.0.2
• Ipswitch IMail 7.0.3
• Ipswitch IMail 7.0.4
• Ipswitch IMail 7.0.5
• Ipswitch IMail 7.0.6
• Ipswitch IMail 7.0.7
• Ipswitch IMail 7.1.0
• Ipswitch IMail 7.12.0
• Ipswitch IMail 8.0.3
• Ipswitch IMail 8.0.5
• Ipswitch IMail 8.1.0
• Ipswitch IMail 8.13.0
• Ipswitch IMail 8.14.0
• Ipswitch IMail 8.15.0 Hotfix 1
• Ipswitch IMail 8.2.0

References

• BugTraq: 13727
• CVE: CVE-2007-3926
• CVE: CVE-2007-3925
• CVE: CVE-2005-1255
• CVE: CVE-2007-3927
• URL: http://securitytracker.com/alerts/2005/May/1014047.html
• URL: http://www.idefense.com/application/poi/display?id=243&type=vulnerabilities