ID
VAR-201009-0316
TITLE
Ipswitch IMail Server has a denial of service vulnerability
Trust: 0.6
DESCRIPTION
Ipswitch IMail Server is a mail server bundled with the Ipswitch collaboration component. IMail Server has multiple security vulnerabilities that allow an attacker to conduct a denial of service attack. 1) SmtpDLL.dll has two boundary errors. Sending an email containing a specially constructed sender (\"FROM:\" field) can cause the queue management service (queuemgr.exe) to crash. To successfully exploit the vulnerability you need to enable \"Copy All Mail To:\" and archive via SMTP options. 2) IMailSrv.exe has a boundary error when processing some spool files, and sends a specially constructed email, such as containing multiple \"Reply-To:\" or \"Resent-From:\" header fields to the SMTP service, which can trigger stack-based buffering. Area overflow. This vulnerability can be used to generate multiple windows crash dialogs or to write disk space with a spool file.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | ipswitch | model: | imail server | scope: | eq | version: | 11.x | Trust: 0.6 |
PATCH
| title: | Ipswitch IMail Server has a patch for denial of service vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/1104 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2010-2097 | Trust: 0.6 |
REFERENCES
| url: | http://www.exploit-db.com/moaub-15-ipswitch-imail-server-list-mailer-reply-to-address-memory-corruption/http | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2010-2097 |
LAST UPDATE DATE
2022-05-17T22:25:45.612000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2097 | date: | 2010-09-26T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2097 | date: | 2010-09-26T00:00:00 |