lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 16 Nov 2005 14:56:59 -0000
From: io@...aercoli.it
To: bugtraq@...urityfocus.com
Subject: Buffer Overrun in FTGate4 Groupware Mail server


/******
Package: FTGate4 Groupware Mail server
Auth: http://www.floosietek.com/
Version(s): 4.1 / previous versions may also be vulnerable
Vulnerability Type: Remote Code Execution
*****************/





Disclaimer:
---------

The information is provided "as is" without warranty of any kind.
The author of this issue shall not be held liable for any
downtime, lost profits, or damages due to the informations
contained in this advisory.



What?s FTGate4:
--------------
[description taken from from the author's site]

FTGate4 is a powerful Windows(TM) communication suite that combines
exceptional mail handling facilities with comprehensive Groupware
functionality. Its security and collaboration features were
developed in conjunction with leading ISP's and define a new era in
mail server performance.



Synopsis:
--------

FTGate4 is vulnerable to a buffer overrun which could potentially
lead to execution of arbitrary code.




Description:
-----------

FTGate4 contains a security flaw in the IMAP server caused due to
boundary errors in the handling of various commands (like EXAMINE).




Impact:
------

An attacker could exploit the vulnerability by sending a malformed
request to the IMAP server running on port 143, resulting in a
Denial of Service condition and potentially arbitrary code execution
with the privileges of the SYSTEM user.




Workaround:
----------

There is no known workaround at this time.




PoC:
-------

www.lucaercoli.it/exploits/FTGate-expl.pl









Credits:

-- 
Luca Ercoli	<io [at] lucaercoli.it>
		http://www.lucaercoli.it

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ