IPSwitch IMail SMTP Buffer Overflow Network Vulnerability

Summary

A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level access to servers running IMail's SMTP daemon (versions 6.06 and below). The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on various input data that gets passed to the IMail Mailing List handler code. If an attacker crafts a special buffer and sends it to a remote IMail SMTP server it is possible that an attacker can remotely execute code (commands) on the IMail system.

Solution

Download the latest patch from http://ipswitch.com/support/IMail/patch-upgrades.html

Severity

Classification

CVE CVE-2001-0039, CVE-2001-0494

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Exchange XEXCH50 Remote Buffer Overflow
Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
GNU glibc Remote Heap Buffer Overflow Vulnerability (Exim)
Sendmail Local Starvation and Overflow
MailCarrier SMTP Buffer Overflow Vulnerability

Take action and discover your vulnerabilities