|Check Point Reference:||CPAI-2011-324|
|Date Published:||5 Jul 2011|
|Last Updated:||Wednesday 13 July, 2016|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is an implementation of the server side of the IMAP protocol. A Buffer overflow vulnerability has been reported in Ipswitch IMail Server List Mailer component. This is a Buffer overflow vulnerability. The vulnerability is due to a boundary check error in the IMailSrv.exe while handling "Reply-To" SMTP header in the incoming messages. Attackers can trigger this vulnerability by sending a crafted DATA command to the server which contains multiple and long enough "Reply-To" headers. The vulnerability is triggered when the vulnerable program parses the malicious message. Successful exploitation of this vulnerability can lead to arbitrary code execution under the context of the System user.|
This protection will detect and block such maliciously crafted SMTP messages.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: SMTP Protection Violation.
Attack Information: Ipswitch IMail Server list mailer Reply-To address buffer overflow