Preemptive Protection against Ipswitch IMail Server Mailing List Message Subject Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2010-142 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory SA40638 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Ipswitch IMail Server 11.x | ||
| Vulnerability Description A buffer overflow vulnerability exists in Ipswitch IMail Server, a mail server product designed for medium to large size organizations. The vulnerability is due a boundary error in the imailsrv.exe which handles messages sent to the imailsrv. A remote attacker can exploit this vulnerability by sending a crafted message to the affected service. |
||
|
Update/Patch Available The vendor has not released an advisory addressing this vulnerability. |
|
|
Vulnerability Details A buffer overflow vulnerability exists in the Ipswitch IMail mailing list subsystem. The vulnerable code does not properly handle messages that are sent to certain mailing lists and have crafted "Subject" header. Remote attackers could exploit this vulnerability by supplying a specially crafted Subject header to the server. Successful exploitation would allow for arbitrary code injection and execution. |
Protection Overview
The protection will detect and block SMTP commands with mail headers whose length exceed the configured threshold.
In order for the protection to be activated, update your Security Gateway R75 product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.