|
|
 |
| New User, Welcome! Login |
[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability
| From: |
=?ISO-8859-1?Q?Jo=E3o_Antunes?= <jantunes di fc ul pt> |
| To: |
bugtraq securityfocus com, vuldb securityfocus com |
| Cc: |
|
| Subject: |
[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability |
| Date: |
Tue - Sep 02, 2008 08:53 AM |
----------------------------------------
Synopsis
----------------------------------------
Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS)
attacks.
The IMAP server crashes when processing an APPEND command with a
strange parameter (see details bellow). Other commands may also
trigger the same behavior.
Product: Softalk Mail Server
Version: 8.5.1.431 and probably the older versions
Vendor: Softalk (www.softalkltd.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: Joo Antunes (AJECT -- Attack Injection Tool) on 05/Jun/
2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected
version soon (8.5.2 beta 2)
----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages
to the imap server:
A001 LOGIN user password
A01 APPEND Ax5000 (UIDNEXT MESSAGES) (…) Ax5000 (UIDNEXT MESSAGES)
For the sake of legibility, the APPEND command was presented above in
a condensed form.
The "(...)" means that the parameters should be repeated several times
in the same command (e.g., ten times). Successful exploitation results
in a remote denial of service.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
