Update Protection against Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow Vulnerability
| Check Point Reference: | CPAI-2007-111 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA26123 | |
| Industry Reference(s): | CVE-2007-3925 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Ipswitch IMail 2006 prior to 2006.21 Ipswitch IMail Plus 2006 prior to 2006.21 Ipswitch IMail Premium 2006 prior to 2006.21 | ||
| Vulnerability Description A buffer overflow vulnerability exists in Ipswitch IMail Server. Ipswitch IMail server is a messaging service suite that supports numerous mail exchanging protocols, including the Internet Message Access Protocol (IMAP). IMAP is a standard protocol for accessing e-mail from a local server that provides management of received messages on a remote server. Several mail servers contain buffer overflow errors in the way they handle commands. A remote attacker can exploit this issue to trigger a buffer overflow which may lead to an application crash and to arbitrary code execution. |
||
|
Vulnerability Details The vulnerability is due to an error when processing malformed IMAP SEARCH commands. A remote attacker can exploit this flaw via a specially crafted SEARCH command. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed SEARCH commands sent to the Ipswitch IMail Server.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on October 10, 2007 includes the following protections:
Ipswitch IMail Server IMAP SEARCH Command Date String Vulnerability (CPAI-2007-111)
VMware Workstation ActiveX Control Command Execution Vulnerability (CPAI-2007-112)
Symantec Products ActiveX Control Code Execution Vulnerabilities (CPAI-2007-113)
Microsoft SQL Server Distributed Management Objects Vulnerability (CPAI-2007-114)
Microsoft Visual Studio Crystal Reports RPT File Vulnerability (MS07-052) - CPAI-2007-115
IBM and Lenovo Access Support ActiveX Control Vulnerabilities (CPAI-2007-116)
CA eTrust Intrusion Detection (caller.dll) ActiveX Control Vulnerability (CPAI-2007-117)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Mail > Malformed IMAP Commands > Block Ipswitch IMAIL SEARCH Command Vulnerability.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Malformed SEARCH command detected
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. Select the following protection:
Block Ipswitch IMAIL SEARCH Command Vulnerability
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Malformed SEARCH command detected
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. Select the following protection:
Block Ipswitch IMAIL SEARCH Command Vulnerability
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99928 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the Smartdefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
2. Select the following protection:
Block Ipswitch IMAIL SEARCH Command Vulnerability
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99928 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the lefthand menu, click Profiles > Default Protection > SmartDefense. The SmartDefense page opens.
2. In the SmartDefense tree, click Application Intelligence > Mail > Malformed IMAP Commands.
3. Select the following protection:
Block Ipswitch IMAIL SEARCH Command Vulnerability
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: IMAP Protocol Violation
Attack Information: Malformed SEARCH command detected
Connectra NGX R62 & R61
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:
Block Ipswitch IMAIL SEARCH Command Vulnerability
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
In case of an attack, the following log entries will be displayed:
Attack Name: IMAP Protocol Violation
Attack Information: Malformed SEARCH command detected