Reported May 20, 2002, by Foundstone Labs.
VERSIONS AFFECTED
· Ipswitch’s IMail Server 7.1 and earlier versions
DESCRIPTION
A buffer overflow condition exists in the Lightweight Directory Access Protocol
(LDAP) component of Ipswitch's IMail Server, which can result in a denial of
service (DoS). An attacker can also exploit this vulnerability to remotely
execute arbitrary code with the privileges of the IMail daemon, which
runs as SYSTEM by default.
VENDOR RESPONSE
Ipswitch has released Hotfix 1 for IMail Server 7.10, which addresses this vulnerability. Users who have earlier versions of IMail Server will need to upgrade to version 7.10.
CREDIT
Discovered by Foundstone Labs.