IMail POP Server Denial of Service Reported November 8, 1999 by Shok
DESCRIPTION
Due to improper bounds checking in Ipswitch"s IMAIL POP3 server, a buffer overflow occurs when a lengthy username is sent (via "USER <large username>"). Where the length of <large username> is between 200 and 500 characters. It has been tested this on version 5.07, 5.05, and 5.06. According to Interrupt, it appears to be a DoS (denial of service) attack, but there has been no further testing to determine if it can be exploited to gain higher privileges.
DEMONSTRATION
View a copy of the exploit code.
VENDOR RESPONSE
Ipswitch has patched the vulnerability and the latest version can be downloaded from:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail508.exe
If you are unable to install the patch, a temporary workaround is to set the IMAIL monitor to 10 seconds, which guarantees a quick refreshment period.
CREDITS Reported by Shok Posted here at NTSecurity.NET on November 8, 1999 |
IMail Denial of Service - 23 Feb 1999
0 comments
Hide comments