Signature Detail

IMAP: Literal Length Overflow

This protocol anomaly detects an IMAP literal that specifies more octets than the user-defined maximum. A literal is a sequence of zero or more octets. The default maximum number of octets is 65535; you can change this setting in the Sensor Settings Rulebase>Protocol Thresholds and Configuration>IMAP>Maximum Literal Length.

Extended Description

Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying further email service for legitimate users. To recover from the denial-of-service condition, administrators must restart the IIS Admin Service service.

Affected Products

• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Exchange Server 2000 SP1
• Microsoft Exchange Server 2000 SP2
• Microsoft Exchange Server 2000 SP3
• Microsoft Exchange Server 2000

References

• BugTraq: 23810
• CVE: CVE-2007-0221
• URL: http://www.imap.org/
• URL: http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx