| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Feb 2006 17:47:52 +0000 From: João Antunes <jantunes@...fc.ul.pt> To: bugtraq@...urityfocus.com Cc: vuldb@...urityfocus.com Subject: [AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability ---------------------------------------- Synopsis ---------------------------------------- TrueNorth IA eMailserver 5.3.4 is prone to a remote buffer overflow vulnerability in the IMAP server. Product: Internet Anywhere eMailserver Corporate Edition Version: 5.3.4 and probably the older versions Vendor: TrueNorth/NoticeWare (http://www.tnsoft.com/) Type: Buffer overflow / Boundary condition error Risk: Execution of arbitrary code, denial of service Remote: Yes Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 10/Dec/2005 Exploit: Not Available Solution: Not Available Status: Unpatched. No reply from developer(s). ---------------------------------------- Vulnerability Description ---------------------------------------- The vulnerability can be triggered by sending the following messages to the imap server: A001 LOGIN username password // enter in AUTHENTICATED state A002 SELECT inbox // enter in SELECTED state A003 SEARCH <A x 560> // overflow search argument This will crash the server. Successful exploitation could result in a denial of service or execution of arbitrary code.
Powered by blists - more mailing lists