IMail Server E-mail and Calendar Bugs May Let Remote Users Crash the Server
|
|
SecurityTracker Alert ID: 1011146 |
|
SecurityTracker URL: http://securitytracker.com/id/1011146
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 3 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 8.13
|
Description:
Some denial of service vulnerabilities were reported in IMail Server. A remote user may be able to cause the server to crash.
The vendor reported that potential denial of service conditions exist in the Queue Manager, Web Calendaring, and Web Messaging components.
In the Queue Manager, an e-mail message with an abnormally long sender field may trigger a crash.
In Web Calendaring, calendar entries with specific content may trigger a crash. The nature of the specific content was not disclosed.
In Web Messaging, an e-mail message with an abnormally large 'To:' line may trigger a crash.
|
Impact:
A remote user may be able to cause the target service to crash.
|
Solution:
The vendor has released a fixed version (8.13), available at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail813.exe
http://ipswitch.com/support/imail/releases/imail_professional/im813.html
|
Vendor URL: ipswitch.com/support/imail/releases/imail_professional/im813.html (Links to External Site)
|
Cause:
Exception handling error, Input validation error
|
Underlying OS:
Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 3 Sep 2004 00:58:45 -0400
Subject: http://support.ipswitch.com/kb/IM-20040902-DM01.htm
|
> o Queue Manager: Fixed potential crash when sender field is
> abnormally long.
> o Web calendaring: Fixed potential crash when viewing calendar
> entries with specific content.
> o Web Messaging: Fixed potential crash when abnormally large To:
> lines encountered.
|
|
