SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   IMail Server Vendors:   Ipswitch
IMail Server E-mail and Calendar Bugs May Let Remote Users Crash the Server
SecurityTracker Alert ID:  1011146
SecurityTracker URL:  http://securitytracker.com/id/1011146
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 3 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.13
Description:   Some denial of service vulnerabilities were reported in IMail Server. A remote user may be able to cause the server to crash.

The vendor reported that potential denial of service conditions exist in the Queue Manager, Web Calendaring, and Web Messaging components.

In the Queue Manager, an e-mail message with an abnormally long sender field may trigger a crash.

In Web Calendaring, calendar entries with specific content may trigger a crash. The nature of the specific content was not disclosed.

In Web Messaging, an e-mail message with an abnormally large 'To:' line may trigger a crash.

Impact:   A remote user may be able to cause the target service to crash.
Solution:   The vendor has released a fixed version (8.13), available at:

ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail813.exe
http://ipswitch.com/support/imail/releases/imail_professional/im813.html

Vendor URL:  ipswitch.com/support/imail/releases/imail_professional/im813.html (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC