| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <3E076AC1-26DA-4D59-9611-9AEF7DDCD4C3@di.fc.ul.pt> Date: Tue, 2 Sep 2008 16:07:53 +0100 From: João Antunes <jantunes@...fc.ul.pt> To: bugtraq@...urityfocus.com, vuldb@...urityfocus.com Subject: [AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability ---------------------------------------- Synopsis ---------------------------------------- Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS) attacks. The IMAP server crashes when processing an APPEND command with a strange parameter (see details bellow). Other commands may also trigger the same behavior. Product: Softalk Mail Server Version: 8.5.1.431 and probably the older versions Vendor: Softalk (www.softalkltd.com) Type: Denial-of-service Risk: service disruption Remote: Yes Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/ 2008 Exploit: Not Available Solution: Not Available Status: Developers were contacted and should be releasing a corrected version soon (8.5.2 beta 2) ---------------------------------------- Vulnerability Description ---------------------------------------- The vulnerability can be triggered by sending the following messages to the imap server: A001 LOGIN user password A01 APPEND Ax5000 (UIDNEXT MESSAGES) (…) Ax5000 (UIDNEXT MESSAGES) For the sake of legibility, the APPEND command was presented above in a condensed form. The "(...)" means that the parameters should be repeated several times in the same command (e.g., ten times). Successful exploitation results in a remote denial of service.
Powered by blists - more mailing lists