IPSwitch IMail SMTP Buffer Overflow Network Vulnerability

Summary

A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level access to servers running IMail's SMTP daemon (versions 6.06 and below). The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on various input data that gets passed to the IMail Mailing List handler code. If an attacker crafts a special buffer and sends it to a remote IMail SMTP server it is possible that an attacker can remotely execute code (commands) on the IMail system.

Solution

Download the latest patch from http://ipswitch.com/support/IMail/patch-upgrades.html

Severity

Classification

CVE CVE-2001-0039, CVE-2001-0494
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability
Sendmail Local Starvation and Overflow
SendMail Mail Relay Vulnerability
Sendmail remote header buffer overflow
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Take action and discover your vulnerabilities