With the description of this issue per iDefense I would imagine that this
problem is present in most all versions of Imail.
Since the offending commands have to be issued by an IMAP user that has
already authenticated I don't see it as a major issue. One of your own
users would have to attack you, and they would have already been logged.
Easy to catch them.
II. DESCRIPTION
Remote exploitation of a denial of service (DoS) vulnerability in
Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target
service, thereby preventing legitimate use.
The problem specifically exists in handling long arguments to the LIST
command. When a LIST command of approximately 8000 bytes is supplied,
internal string parsing routines can be manipulated in such a way as to
reference non-allocated sections of memory. This parsing error results
in an unhandled access violation, forcing the daemon to exit.
III. ANALYSIS
Exploitation allows remote attackers to crash vulnerable IMAP servers
and thereby prevent legitimate usage. The LIST command is only available
post authentication and therefore valid credentials are required to
exploit this vulnerability.
-Joe
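As an added example (not part of the original thread, and not Ipswitch or iDefense code), here is one way to find the authenticated account behind an oversized LIST command in IMAP command logs. The log line format, the 1024-byte threshold and all names in the code are assumptions made for illustration.

```python
import re

# Assumption: alert well below the ~8000 bytes named in the advisory.
MAX_LIST_BYTES = 1024

# Constructed log format (hypothetical): "<conn-id> C: <tag> <COMMAND> [args]"
LINE_RE = re.compile(rb"^(\S+) C: (\S+) (\S+)(?: (.*))?$", re.DOTALL)


def find_oversized_list(lines, limit=MAX_LIST_BYTES):
    """Return one alert per LIST command whose arguments exceed `limit` bytes.

    Each alert names the account from the last LOGIN seen on that connection.
    Simplification: only client commands are parsed, so a LOGIN is assumed
    to have succeeded.
    """
    users = {}   # connection id -> account name
    alerts = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip(b"\r\n"))
        if not m:
            continue
        conn, cmd, args = m.group(1), m.group(3).upper(), m.group(4) or b""
        if cmd == b"LOGIN":
            name = args.split(b" ", 1)[0].strip(b'"')
            users[conn] = name.decode("ascii", "replace")
        elif cmd == b"LOGOUT":
            users.pop(conn, None)
        elif cmd == b"LIST" and len(args) > limit:
            alerts.append({
                "conn": conn.decode("ascii", "replace"),
                "user": users.get(conn, "<no LOGIN seen>"),
                "arg_bytes": len(args),
            })
    return alerts


# Constructed sample log: one normal session, one with an oversized LIST.
SAMPLE_LOG = [
    b'c1 C: a1 LOGIN alice "x"\r\n',
    b'c1 C: a2 LIST "" "*"\r\n',
    b'c2 C: b1 LOGIN bob "x"\r\n',
    b"c2 C: b2 LIST " + b"A" * 8000 + b"\r\n",
    b"c1 C: a3 LOGOUT\r\n",
]

if __name__ == "__main__":
    for alert in find_oversized_list(SAMPLE_LOG):
        print(alert)
```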
----- Original Message -----
From: "Mark Reimer" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 07, 2005 12:41 PM
Subject: RE: [IMail Forum] Kevin Maybe you can answer this
I just got off the phone with tech support after 2+ hours. They don't know
if it affects prior versions because the vulnerability was reported for
8.2.
He also let me know that if there is a vulnerability in prior versions we
have to upgrade to get the fix. I think I'll upgrade since 8.2 seems
stable.
Mark Reimer
IT Project Manager
American CareSource
800-370-5994 ext. 267
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Darrell LaRock
Sent: Wednesday, December 07, 2005 12:23 PM
To: [email protected]
Subject: RE: [IMail Forum] Kevin Maybe you can answer this
We all would like to know this - IPSwitch - how about a comment here.
Darrell
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer
Sent: Wednesday, December 07, 2005 1:06 PM
To: [email protected]
Subject: [IMail Forum] Kevin Maybe you can answer this
Kevin,
I've been on hold for 2 hours now with technical support just to find out
if previous versions of Imail server before 8.2 were affected by these 2 new
vulnerabilities. Can you please shed some light on this? I need to know if
I'm ok or going to have to upgrade to 8.22. Thanks.
Mark Reimer
IT Project Manager
American CareSource
800-370-5994 ext. 267
---
[This E-mail has been scanned for viruses]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/