full-disclosure - iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Tue Dec 13 16:07:12 2005
From: 0wnj00 at gmail.com (Owen Dhu)
Subject: iDEFENSE Security Advisory 12.06.05: Ipswitch
	Collaboration Suite SMTP Format String Vulnerability

On 12/6/05, labs-no-reply@...fense.com <labs-no-reply@...fense.com> wrote:

> Ipswitch Collaboration Suite SMTP Format String Vulnerability
[...]
> Remote exploitation of a format string vulnerability in Ipswitch
> IMail allows remote attackers to execute arbitrary code.

Can iDEFENSE (or anyone else) elaborate on this? I have been working with
this for a little while and iMail doesn't seem to be exploitable in this way.

TIA.