| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <050A6012-57ED-4802-99BE-53C03EE8C33D@di.fc.ul.pt> Date: Wed, 17 Sep 2008 13:52:37 +0100 From: João Antunes <jantunes@...fc.ul.pt> To: bugtraq@...urityfocus.com, vuldb@...urityfocus.com Subject: [AJECT] SurgeMail IMAP 3.9e vulnerability ---------------------------------------- Synopsis ---------------------------------------- SurgeMail Mail Server 3.9e (Windows and Unix-based versions) is vulnerable to denial-of-service (DoS) attacks. The nature of the crash may indicate a buffer overflow problem, but the developers claimed otherwise. The IMAP server abruptly crashes when processing an APPEND message with a large parameter. Product: SurgeMail Mail Server Version: 3.9e and probably the older versions Vendor: NetWin (www.netwinsite.com) Type: Denial-of-service Risk: service disruption Remote: Yes Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 04/Jun/ 2008 Exploit: Not Available Solution: Not Available Status: Developers were contacted and corrected the software in version 3.9g2 ---------------------------------------- Vulnerability Description ---------------------------------------- The vulnerability can be triggered by sending the following messages: A01 LOGIN username password A01 APPEND Ax5000 (UIDNEXT MESSAGES) This should crash both the windows and unix-based versions of the IMAP server. Successful exploitation results in a remote denial of service.
Powered by blists - more mailing lists