IA eMailServer IMAP LIST Command Validation Flaw Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1014301
|
|
SecurityTracker URL: http://securitytracker.com/id?1014301
|
|
CVE Reference: CVE-2005-2083
(Links to External Site)
|
Updated: Jun 24 2008
|
Original Entry Date: Jun 27 2005
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 5.3.4.2019; confirmed on 5.2.2.1051
|
Description: A vulnerability was reported in IA eMailServer. A remote authenticated user can cause the mail server to crash.
The mail server does not properly validate user-supplied input in the 'LIST' IMAP command. A remote authenticated user can supply
specially crafted LIST command parameters ('%x') to cause 'MailServer.exe' to crash.
Reed Arvin reported this vulnerability.
|
Impact: A remote authenticated user can cause the mail service to crash.
|
Solution: The vendor has issued a fixed version (5.3.4.2019).
|
Vendor URL: www.tnsoft.com/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Windows (Any)
|
Reported By: SecuriTeam <support@securiteam.com>
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
