lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43FA00C8.1030006@di.fc.ul.pt>
Date: Mon, 20 Feb 2006 17:47:52 +0000
From: João Antunes <jantunes@...fc.ul.pt>
To: bugtraq@...urityfocus.com
Cc: vuldb@...urityfocus.com
Subject: [AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability


----------------------------------------
Synopsis
----------------------------------------
TrueNorth IA eMailserver 5.3.4 is prone to a remote buffer overflow
vulnerability in the IMAP server.
Product: Internet Anywhere eMailserver Corporate Edition
Version: 5.3.4 and probably the older versions
Vendor: TrueNorth/NoticeWare (http://www.tnsoft.com/)
Type: Buffer overflow / Boundary condition error
Risk: Execution of arbitrary code, denial of service
Remote: Yes
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 10/Dec/2005
Exploit: Not Available
Solution: Not Available
Status: Unpatched. No reply from developer(s).


----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages to
the imap server:
A001 LOGIN username password	// enter in AUTHENTICATED state
A002 SELECT inbox		// enter in SELECTED state
A003 SEARCH <A x 560>		// overflow search argument

This will crash the server. Successful exploitation could result in a
denial of service or execution of arbitrary code.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ