SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   IMail Server
Vendors:   Ipswitch
(Vendor Claims This is a Hoax) Re: Ipswitch IMail Server Buffer Overflow in Web Messaging Daemon Lets Remote Users Execute Arbitrary Code and Gain System Level Access
SecurityTracker Alert ID:  1004871
SecurityTracker URL:  http://securitytracker.com/id/1004871
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 29 2002
Impact:   Execution of arbitrary code via network, Root access via network

Version(s): 7.11 HF1 and prior versions
Description:   A buffer overflow vulnerability was reported in Ipswitch's IMail Server. A remote user can execute arbitrary code on the server with System level privileges.

In the original message, it was reported that there is a buffer overflow in the Web Messaging daemon in the GET parameter using the HTTP/1.0 specification. The vulnerability was reported to be not present when using the HTTP/0.9 and HTTP/1.1 specifications. According to the original report, a remote user can send a GET request with the following contents to trigger the flaw:

<96 bytes><EBP><EIP>

The vendor has responded that it has been unable to reproduce the flaw and is advising that the report is a hoax.

Impact:   A remote user can execute arbitrary code with System level privileges.
Solution:   The vendor has been unable to duplicate the problem. The vendor suggests that the exploit code may be malicious.

The vendor believes that the unofficial patch provided by the original message's author may be designed to open a vulnerability.

The vendor is advising users that this advisory is a hoax and to not apply the patch.

Vendor URL:  www.ipswitch.com/products/IMail_Server/index.html
Cause:   Boundary error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 26 2002 Ipswitch IMail Server Buffer Overflow in Web Messaging Daemon Lets Remote Users Execute Arbitrary Code and Gain System Level Access



 Source Message Contents

Subject:  Hoax Exploit


Hello,

In message 284465 there is an "exploit" of IMail Server from Ipswitch
listed.

http://online.securityfocus.com/archive/1/284465

We have been unable to duplicate the problem and the code attached to the
above message is unknown in nature.  We suspect that the "patch" released in
the message is actually designed to open a vulnerability.  At this time we
are advising our users that this advisory is a hoax and to not apply the
patch.  I would like to request that the message be removed to prevent
further confusion.  Thank you.

John Korsak
Product Marketing Manager, IMail Server
(781) 676-5789


Copyright 2019, SecurityGlobal.net LLC