Greetings,

Ipswitch has just released an update -- IMail 2006.21.

I see that IDefense set an autoresponder to release their disclosure in response to this announcement. Nothing like IDefense giving admins even 30 seconds to download and install the fix. <g>.

-----------------------------------------------------------------------------------
Ipswitch IMail Server 2006 Multiple IMAP Buffer Overflow Vulnerabilities

iDefense Security Advisory 07.18.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 18, 2007

I. BACKGROUND

Ipswitch Inc.'s IMail Server is an e-mail server aimed at providing easily configured and maintained e-mail services for small organizations. More information is available on the vendor's site at the following URL.

http://ipswitch.com/products/imail/index.asp

II. DESCRIPTION

Remote exploitation of multiple buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code.

IMail includes an IMAP daemon that users can use to access their email. The "Search" IMAP command contains an exploitable stack-based buffer overflow vulnerability. Additionally, the "Search charset" contains an exploitable heap-based buffer overflow vulnerability.

III. ANALYSIS

Exploitation allows an attacker to execute arbitrary code with SYSTEM privileges.

In order to exploit these issues, an attacker would need to log in to a vulnerable IMail IMAP Server using valid credentials.

The vulnerable component is installed with any IPSwitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages.

IV. DETECTION

iDefense has confirmed the existence of these vulnerabilities in IMail Server 2006. The vulnerable executable used was version 6.8.8.1 of imapd32.exe.

V. WORKAROUND

Disabling the IMAP service prevents exploitation of these vulnerabilities. Consider enabling POP3 or webmail as an alternative to IMAP.

VI. VENDOR RESPONSE

Ipswitch Inc. has released version 2006.21 of its IMail product to address these vulnerabilities. More information can be found at the following URL.

http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

VIII. DISCLOSURE TIMELINE

02/13/2007  Initial vendor notification
07/17/2007  Initial vendor response
07/18/2007  Coordinated public disclosure

IX. CREDIT

The stack-based buffer overflow vulnerability was reported to iDefense by Manuel Santamarina Suarez. The heap-based buffer overflow discoverer wishes to remain anonymous.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
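The advisory above gives admins two facts to work with: the overflows sit in the IMAP SEARCH command and its CHARSET argument, and they are only reachable after a successful login. While the 2006.21 update is rolled out, a useful interim check is to watch IMAP sessions for SEARCH commands with absurdly long arguments. The script below is an added example written for this page, not code from iDefense, Ipswitch, or the list poster: it walks a transcript of client (C:) and server (S:) lines, tracks whether the server answered LOGIN with OK, and flags any subsequent SEARCH or UID SEARCH whose CHARSET token or argument string exceeds a threshold. The thresholds (40 bytes for a charset name, 1024 for the whole argument string), the C:/S: transcript format and the sample session are assumptions made for the example; the advisory does not publish the buffer sizes.

```python
"""Flag oversized IMAP SEARCH / SEARCH CHARSET arguments in a session transcript.

Added example, not code from the advisory, from Ipswitch, or from the list
poster.  The advisory only states that the IMAP SEARCH command (stack) and
its CHARSET argument (heap) overflow fixed buffers and that a valid login
is needed first; the length thresholds, the C:/S: transcript format and the
sample session below are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# Assumed thresholds.  IANA charset names are short, so a CHARSET token of
# more than a few dozen bytes has no legitimate use; the actual overflow
# sizes are not given in the advisory.
MAX_CHARSET_LEN = 40
MAX_SEARCH_ARGS_LEN = 1024

# tag, command word, optional remainder (RFC 3501 tagged client command)
CLIENT_CMD_RE = re.compile(r"^(?P<tag>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<args>.*))?$")
CHARSET_RE = re.compile(r"^CHARSET\s+(?P<cs>\S+)", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    tag: str
    reason: str
    length: int


def inspect_session(lines):
    """Return a list of Findings for a transcript of 'C: ...' / 'S: ...' lines.

    Only SEARCH (and UID SEARCH) commands sent after the server has answered
    a LOGIN with OK are considered, because the advisory says exploitation
    requires valid credentials; a SEARCH sent before login is rejected by
    the server before it reaches the vulnerable parsing.
    """
    findings = []
    pending = {}           # client tag -> command word awaiting a reply
    authenticated = False

    for line_no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if line.startswith("C: "):
            m = CLIENT_CMD_RE.match(line[3:])
            if not m:
                continue
            tag, cmd = m.group("tag"), m.group("cmd").upper()
            args = m.group("args") or ""
            pending[tag] = cmd
            # "UID SEARCH ..." carries the same argument syntax as SEARCH.
            if cmd == "UID" and args[:6].upper() == "SEARCH":
                cmd, args = "SEARCH", args[6:].lstrip()
            if cmd != "SEARCH" or not authenticated:
                continue
            if len(args) > MAX_SEARCH_ARGS_LEN:
                findings.append(Finding(line_no, tag, "oversized SEARCH arguments", len(args)))
            cm = CHARSET_RE.match(args)
            if cm and len(cm.group("cs")) > MAX_CHARSET_LEN:
                findings.append(Finding(line_no, tag, "oversized SEARCH CHARSET", len(cm.group("cs"))))
        elif line.startswith("S: "):
            parts = line[3:].split(None, 2)
            if len(parts) >= 2 and parts[0] in pending:
                if pending.pop(parts[0]) == "LOGIN" and parts[1].upper() == "OK":
                    authenticated = True
    return findings


# Constructed sample transcript (not a real capture).
SAMPLE_SESSION = [
    "S: * OK IMAP4 server ready",
    "C: a000 SEARCH CHARSET " + "A" * 300 + " ALL",      # before login: ignored
    "S: a000 BAD Not authenticated",
    "C: a001 LOGIN alice secret",
    "S: a001 OK LOGIN completed",
    "C: a002 SELECT INBOX",
    "S: a002 OK [READ-WRITE] SELECT completed",
    "C: a003 SEARCH CHARSET UTF-8 FROM bob",              # normal: not flagged
    "S: a003 OK SEARCH completed",
    "C: a004 SEARCH CHARSET " + "A" * 300 + " ALL",      # oversized CHARSET
    "C: a005 UID SEARCH " + "B" * 2048,                  # oversized arguments
]


if __name__ == "__main__":
    for f in inspect_session(SAMPLE_SESSION):
        print(f"line {f.line_no} tag {f.tag}: {f.reason} ({f.length} bytes)")
```

Run against the constructed session it reports only a004 and a005; the pre-login a000 is deliberately skipped, matching the advisory's note that the bugs need valid credentials. Feed it real IMAP traffic (for example a TLS-terminated proxy log or a decrypted capture) by replacing SAMPLE_SESSION, and treat a hit from an authenticated account as a sign that account's credentials are in an attacker's hands, not just as a crash.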