Signature Detail

IMAP: Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow

This signature detects attempts to exploit a known a buffer overflow vulnerability in the way Ipswitch IMail Server handles IMAP requests. It is due to lack of boundary protection while processing IMAP SEARCH command. A remote authenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. It would execute within the security context of the affected service, normally System. In an unsuccessful code injection attack the affected server terminates and reset all established connection.

Extended Description

Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected.

Affected Products

• Ipswitch IMail Server 2006

References

• BugTraq: 24962
• CVE: CVE-2007-3925