Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. The severity level for this instance is indicated by the colored dot beside the link to this tutorial on the previous page.
8/6/02
CVE 2002-1076
A buffer overflow in the processing of GET
requests by the IMail web messaging service could allow a
remote attacker to crash the service or execute arbitrary
commands. IMail prior to 7.12 is affected by this vulnerability.
5/28/02
CVE 2002-0777
Due to a buffer overflow condition in the LDAP
service which comes with IMail, a remote attacker could execute
arbitrary commands with SYSTEM privileges by specifying a long,
specially crafted argument to the bind DN parameter.
IMail versions 7.1 and earlier are affected by this vulnerability.
10/25/01
CAN 2001-1281
CAN 2001-1282
CAN 2001-1283
CAN 2001-1284
CAN 2001-1285
CAN 2001-1286
Multiple vulnerabilities in IMail's web messaging component
could allow a remote attacker to hijack e-mail sessions,
gain information about the server's directory structure,
predict session IDs, or cause the web interface to become
unresponsive. Users with an account on the server could
gain access to other users' mailboxes or change other users'
account information. IMail 7.04 and possibly earlier versions
are affected by these vulnerabilities.
10/25/01
CAN 2001-1287
A buffer overflow in IMail's
Web Calendaring component could allow a remote attacker
to execute arbitrary commands with SYSTEM privileges
or cause the calendaring service to become unresponsive. IMail
7.04 and possibly earlier versions are affected by this vulnerability.
5/4/01
CVE 2001-0494
Due to a buffer overflow condition in the handling of
mailing lists, it is possible to execute arbitrary commands
by sending a message with a long, specially crafted
string in the header to a valid mailing list on the server.
IMail versions 6.06 and earlier are affected by this
vulnerability if unpatched.
CVE 2001-0039
A remote attacker could crash the IMail server by supplying a
password between 80 and 136 characters in length with
the SMTP AUTH command. A string longer than 136 characters
causes the server to respond with an error message, but it
does not crash the server.
IMail 6.05 and possibly earlier versions are affected
by this vulnerability unless the patch for IMail 6.05
has been applied.