IMail vulnerabilities

CVE-2001-0039

Impact

A remote attacker could execute arbitrary commands with SYSTEM privileges or cause IMail to stop responding, thus shutting down e-mail service.

Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. The severity level for this instance is indicated by the colored dot beside the link to this tutorial on the previous page.

Background

IMail is an e-mail package which runs on Windows systems. It provides SMTP, IMAP, and POP services.

The Problem

Due to a buffer overflow condition in the handling of mailing lists, it is possible to execute arbitrary commands by sending a message with a long, specially-crafted string in the header to a valid mailing list on the server. IMail versions 6.06 and earlier are affected by this vulnerability if unpatched.

CVE-2001-0039
A second vulnerability could allow an attacker to crash the IMail server by supplying a password between 80 and 136 characters in length with the SMTP AUTH command. The server will respond to a string greater than 136 characters long with an error message, but that does not cause the server to crash. IMail 6.05 and possibly earlier versions are affected by this vulnerability unless the patch for IMail 6.05 has been applied.
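
A defender-side check for the SMTP AUTH condition described above, as an added example that is not part of the original page: it scans the client side of an SMTP session for AUTH LOGIN or AUTH PLAIN passwords whose length falls in the 80 to 136 character range, and separately marks longer ones. The session lines are constructed, the function names are hypothetical, and measuring the decoded rather than the base64-encoded password is an assumption, since the page does not say which form the length applies to.

```python
import base64
import binascii

# Window from the advisory: 80..136 characters crashes the service; longer
# strings are rejected with an error message and do not crash it.
CRASH_MIN, CRASH_MAX = 80, 136

def b64(data):
    return base64.b64encode(data).decode()

def unb64(text):
    """Decode a base64 token; None if it is not valid base64."""
    try:
        return base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None

def scan_session(client_lines):
    """Return (line_no, mechanism, password_length, verdict) per flagged AUTH."""
    findings, pending = [], None  # pending: next AUTH LOGIN reply is "user"/"pass"
    for no, line in enumerate(client_lines, 1):
        parts = line.split()
        if pending == "user":            # username reply, not inspected
            pending = "pass"
            continue
        if pending == "pass":            # password reply to AUTH LOGIN
            pending, mech = None, "LOGIN"
            raw = unb64(line)
            pw_len = len(raw) if raw is not None else len(line.strip())
        elif len(parts) >= 2 and parts[0].upper() == "AUTH":
            mech = parts[1].upper()
            if mech == "LOGIN":          # optional initial response = username
                pending = "pass" if len(parts) > 2 else "user"
                continue
            raw = unb64(parts[2]) if mech == "PLAIN" and len(parts) > 2 else None
            if raw is None:
                continue
            pw_len = len(raw.split(b"\0")[-1])   # authzid NUL authcid NUL passwd
        else:
            continue
        if pw_len >= CRASH_MIN:
            verdict = "crash-range" if pw_len <= CRASH_MAX else "oversized"
            findings.append((no, mech, pw_len, verdict))
    return findings

# Constructed client-side session lines (not captured traffic).
SAMPLE = ["EHLO client.example", "AUTH LOGIN", b64(b"alice"), b64(b"A" * 100),
          "AUTH LOGIN", b64(b"bob"), b64(b"hunter2"),
          "AUTH PLAIN " + b64(b"\0carol\0" + b"B" * 200), "QUIT"]
```

Calling `scan_session(SAMPLE)` flags line 4 as `crash-range` and line 8 as `oversized`; AUTH PLAIN is only inspected when the credentials are sent as an initial response on the same line.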

Resolution

Upgrade to IMail 6.07 when it becomes available. If IMail 6.07 is not available, upgrade to IMail 6.06 and install the IMailSrv patch.

Where can I read more about this?

The buffer overflow in the handling of mailing lists was reported in eEye advisory AD20010424. The denial-of-service vulnerability was posted to Bugtraq.