Reported May 20, 2002, by Foundstone Labs.

VERSIONS AFFECTED

· Ipswitch’s IMail Server 7.1 and earlier versions

DESCRIPTION
A buffer overflow exists in the Lightweight Directory Access Protocol (LDAP) component of Ipswitch's IMail Server. Exploitation can result in a Denial of Service (DoS) condition, and an attacker can also use the vulnerability to remotely execute arbitrary code with the privileges of the IMail daemon, which typically runs as SYSTEM by default.

VENDOR RESPONSE

Ipswitch has released Hotfix 1 for IMail Server 7.10, which addresses this vulnerability. Users who have earlier versions of IMail Server will need to upgrade to version 7.10.

CREDIT
Discovered by Foundstone Labs.