| Field | Value |
|---|---|
| VID | 22493 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The remote host appears to be running Ipswitch IMail Server older than version 11.02. Such versions are reportedly affected by multiple issues: |
| | - By sending a specially crafted message to imailsrv.exe with multiple 'Reply-To' headers set, a remote unauthenticated attacker may be able to execute arbitrary code on the remote system. (ZDI-10-126) |
| | - By sending a specially crafted message containing a '?Q?' operator, a remote authenticated attacker may be able to execute arbitrary code on the remote system with SYSTEM privileges. (ZDI-10-127) |
| | - By sending a specially crafted message with an overly long '-NOTIFY' argument, a remote unauthenticated attacker may be able to execute arbitrary code on the remote system. (ZDI-10-128) |
| | Note: This check relies solely on the Web server banner to assess this vulnerability, so it may be a false positive. |
| | References: http://www.zerodayinitiative.com/advisories/ZDI-10-126/ |
| | http://www.zerodayinitiative.com/advisories/ZDI-10-127/ |
| | http://www.zerodayinitiative.com/advisories/ZDI-10-128/ |
| | http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0231.html |
| | http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0232.html |
| | http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0233.html |
| | Platforms Affected: Ipswitch, Inc. IMail Server prior to 11.02; Microsoft Windows, any version |
| Recommendation | Upgrade to the latest version of IMail Server (11.02 or later), available from the Ipswitch Web page at http://www.imailserver.com/support/releases/im1102.asp |
| Related URL | (CVE) |
| Related URL | 41717, 41718, 41719 (SecurityFocus) |
| Related URL | (ISS) |