It's an overflow in the _vsnprintf() function. As far as I've read, this makes your options quite limited. You can only write to data pointers passed to you through the va_args list of the function. As far as I've seen when messing with this vulnerability, there are no potentials for overwrites. I see no function pointers, only text data.

Just attach a debugger to ipswitch, and send MAIL FROM: [EMAIL PROTECTED] to cause a fault in the debugger.

Chris

----- Original Message -----
From: "Owen Dhu" <[EMAIL PROTECTED]>
To: <[email protected]>; <[EMAIL PROTECTED]>; <[email protected]>
Sent: Tuesday, December 13, 2005 11:07 AM
Subject: Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability

On 12/6/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Ipswitch Collaboration Suite SMTP Format String Vulnerability
[...]
> Remote exploitation of a format string vulnerability in Ipswitch
> IMail allows remote attackers to execute arbitrary code.

Can iDEFENSE (or anyone else) elaborate on this? I have been working with this for a little while and iMail doesn't seem to be exploitable in this way.

TIA.

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
