Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow

Vulnerability
Protection

Check Point Reference:	CPAI-2011-324
Date Published:
Severity:
Source:	Secunia Advisory SA40638
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Ipswitch IMail Server 11.x prior to 11.02
Vulnerability Description A Buffer overflow vulnerability has been reported in Ipswitch IMail Server List Mailer component. Remote attacker can exploit this vulnerability by sending a crafted message to the affected service. Successful exploitation of this vulnerability can lead to arbitrary code execution under the context of the System user.

Vulnerability Details
This is a Buffer overflow vulnerability. The vulnerability is due to a boundary check error in the IMailSrv.exe while handling "Reply-To" SMTP header in the incoming messages. Attackers can trigger this vulnerability by sending crafted DATA command to the server which contains multiple and long enough "Reply-To" headers. The vulnerability is triggered when the vulnerable program parses the malicious message.

Protection Overview
This protection will detect and block such maliciously crafted SMTP messages.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?
1. In the IPS tab, click Protections and find the Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow protection using the Search tool and Edit the protection's settings.
2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: SMTP Protection Violation
Attack Information: Ipswitch IMail Server list mailer Reply-To address buffer overflow

Legal Notice for Threat Center Advisories