From: =?ISO-8859-1?Q?Jo=E3o_Antunes?= <jantunes@di.fc.ul.pt.>
To: [email protected], [email protected]Subject: [AJECT] SurgeMail IMAP 3.9e vulnerability
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Wed, 17 Sep 2008 13:52:37 +0100
X-Mailer: Apple Mail (2.929.2)
Sender: =?UTF-8?B?Sm/Do28gQW50dW5lcw==?= <jasantunes@gmail.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
----------------------------------------
Synopsis
----------------------------------------
SurgeMail Mail Server 3.9e (Windows and Unix-based versions) is =20
vulnerable to denial-of-service (DoS) attacks. The nature of the crash =20=
may indicate a buffer overflow problem, but the developers claimed =20
otherwise.
The IMAP server abruptly crashes when processing an APPEND message =20
with a large parameter.
Product: SurgeMail Mail Server
Version: 3.9e and probably the older versions
Vendor: NetWin (www.netwinsite.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: Jo=E3o Antunes (AJECT -- Attack Injection Tool) on =
04/Jun/=20
2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and corrected the software in =20
version 3.9g2
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages:
A01 LOGIN username password
A01 APPEND Ax5000 (UIDNEXT MESSAGES)
This should crash both the windows and unix-based versions of the IMAP =20=
server.
Successful exploitation results in a remote denial of service.=
