Surgemail 38k4 IMAP server remote stack overflow

2008.03.26
Credit: infocus
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

INFIGO IS Security Advisory #ADV-2008-03-07 http://www.infigo.hr/en/ Title: Surgemail 38k4 IMAP server remote stack overflow Advisory ID: INFIGO-2008-03-07 Date: 2008-03-21 Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07 Impact: Remote code execution Risk Level: High Vulnerability Type: Remote ==[ Overview SurgeMail Mail Server Software Suite - combines advanced features, high performance and ease of use. Works on Windows, UNIX (Linux, Solaris etc.), Mac OSX, FreeBSD and others. Surgemail integrated email server is an Antispam Server, Antivirus Server, Webmail Server, Groupware Server, Blog Server and much more. ==[ Vulnerability A remote vanilla stack overflow vulnerability exists in the Surgemail IMAP server. The vulnerability is caused due to a boundary error in the IMAP server, when processing overly long arguments of the 'LSUB' command. The vulnerability results in a simple stack overflow condition that can be trivially exploited. Example: a002 LSUB "//AA:" * 12000 + " " + "//AA:" * 21000 + "\r\n" ==[ Affected Version The vulnerability has been identified in the latest available 38k4-4. It was tested on Windows XP SP2. ==[ Fix The vendor released a new version that fixes the vulnerability available at http://www.netwinsite.com/surgemail/. ==[ PoC Exploit http://www.infigo.hr/files/surgemail.pl ==[ Vendor status 01.09.2008 - Initial contact 01.10.2008 - Initial vendor response 03.19.2008 - Vendor status update - Patch available 03.21.2008 - Coordinated public disclosure ==[ Credits Vulnerability discovered by Leon Juranic <leon.juranic (at) infigo (dot) hr [email concealed]>. ==[ INFIGO IS Security Contact INFIGO IS, WWW : http://www.infigo.hr/en/ E-mail : infocus (at) infigo (dot) hr [email concealed]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top