IMail Server Heap Overflow in 'Imailsec.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1018421
SecurityTracker URL: http://securitytracker.com/id/1018421
CVE Reference: CVE-2007-2795
Updated: Jul 24 2007
Original Entry Date: Jul 19 2007
Impact: Execution of arbitrary code via network, Root access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2006

Description:
A vulnerability was reported in IMail Server. A remote user can execute arbitrary code on the target system.
A remote user can trigger a heap overflow in 'Imailsec.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target service.
A buffer overflow also exists in the IMAP 'subscribe' command.
The vendor credits TippingPoint with reporting this vulnerability. TippingPoint credits Sebastian Apelt with reporting this vulnerability.

Impact:
A remote user can execute arbitrary code on the target system.

Solution:
The vendor has issued a fix (2006.21).
The Ipswitch advisory is available at:
http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease

Vendor URL: docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease

Cause: Boundary error

Underlying OS: Windows (2000), Windows (2003)

Message History: None.

Source Message Contents

Date: Wed, 18 Jul 2007 22:07:59 -0400
Subject: IMail Server

http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease
> * A heap overflow condition in Imailsec allowed unauthenticated users arbitrary
> code execution.
> * Buffer overflow due to unchecked buffer length in subscribe.