Update Protection against Mercury Mail Transport System Data Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2007-060 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA22857 | |
| Industry Reference(s): |
CVE-2006-5961 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Mercury Mail Transport System 4.01b | ||
| Vulnerability Description A buffer overflow vulnerability exist in Mercury Mail Transport System. Mercury Mail Transport System is a free mail server program that supports various email access and exchange protocols, including the Internet Message Access Protocol (IMAP). IMAP is a standard protocol for accessing e-mail from a local server that provides management of received messages on a remote server. A remote attacker can exploit this issue to trigger a Data buffer overflow which may lead to an application crash and to arbitrary code execution. |
||
|
Vulnerability Details The vulnerability is due to a Data buffer overflow error when processing IMAP command continuation data. A remote attacker can exploit this flaw via a specially crafted IMAP commands. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system. |
Protection Overview
Malformed IMAP commands may cause a buffer overflow on an affected server. The protection addresses this issue by detecting and blocking malformed IMAP commands that can lead to Data buffer overflow.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on May 13, 2007 includes the following protections:
Apple Mac OS X GIF Image Vulnerability (CPAI-2007-059)
Mercury Mail Transport System Data Vulnerability (CPAI-2007-060)
Multiple Symantec SupportSoft ActiveX Control Vulnerabilities (CPAI-2007-061)
McAfee ePolicy Orchestrator SiteManager Multiple Vulnerabilities (CPAI-2007-062)
Sun Java GIF Image Vulnerability (CPAI-2007-063)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Mail > Malformed IMAP Commands > Block IMAP Data Buffer Overflow.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Data buffer overflow attempt detected
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. In the configuration pane select the following protection:
Block IMAP Data Buffer Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Data buffer overflow attempt detected
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. In the configuration pane select the following protection:
Block IMAP Data Buffer Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99872 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. In the configuration pane select the following protection:
Block IMAP Data Buffer Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99872 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
3. In the configuration pane select the following protection:
Block IMAP Data Buffer Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Data buffer overflow attempt detected
InterSpect 2.0
How Can I Protect My Network?
1. Click Application Intelligence > Mail > Malformed IMAP Commands.
2. In the cunfiguration pane select the following protection:
Block IMAP Data Buffer Overflow
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Data buffer overflow attempt detected
Connectra NGX R62 & R61
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:
Block IMAP Data Buffer Overflow
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:
Attack Name: IMAP Protocol Violation
Attack Information: Data buffer overflow attempt detected