Signature Detail
Short Name |
IMAP:OVERFLOW:LIST-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
IMAP |
Keywords |
List Command Buffer Overflow |
Release Date |
2005/12/05 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
IMAP: List Command Buffer Overflow
This signature detects a maliciously crafted LIST command. Attackers can supply the LIST command with a large input string attempting to exploit this vulnerability. Successful exploitation can lead to arbitrary remote code execution.
Extended Description
SurgeMail is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions. SurgeMail 3.8k4 is vulnerable; other versions may also be affected.
Affected Products
- NetWin SurgeMail 3.8k4
References
- BugTraq: 28377
- BugTraq: 51403
- CVE: CVE-2004-2513
- CVE: CVE-2008-1498
- URL: http://xforce.iss.net/xforce/xfdb/18295