From: =?ISO-8859-1?Q?Jo=E3o_Antunes?= <jantunes@di.fc.ul.pt.>
To: [email protected], [email protected]Subject: [AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability
Mime-Version: 1.0 (Apple Message framework v926)
Date: Tue, 2 Sep 2008 16:07:53 +0100
X-Mailer: Apple Mail (2.926)
Sender: =?UTF-8?B?Sm/Do28gQW50dW5lcw==?= <jasantunes@gmail.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
----------------------------------------
Synopsis
----------------------------------------
Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS) =20
attacks.
The IMAP server crashes when processing an APPEND command with a =20
strange parameter (see details bellow). Other commands may also =20
trigger the same behavior.
Product: Softalk Mail Server
Version: 8.5.1.431 and probably the older versions
Vendor: Softalk (www.softalkltd.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: Jo=E3o Antunes (AJECT -- Attack Injection Tool) on =
05/Jun/=20
2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected =20=
version soon (8.5.2 beta 2)
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages =20
to the imap server:
A001 LOGIN user password
A01 APPEND Ax5000 (UIDNEXT MESSAGES) (=85) Ax5000 (UIDNEXT MESSAGES)
For the sake of legibility, the APPEND command was presented above in =20=
a condensed form.
The "(...)" means that the parameters should be repeated several times =20=
in the same command (e.g., ten times). Successful exploitation results =20=
in a remote denial of service.
