ISMail Vulnerabilities
Created 3/4/03
Impact
A remote attacker could execute arbitrary commands with
Local System privileges.
Background
ISMail is a mail server for Windows platforms. It supports the
ESMTP, POP3, and IMAP4 protocols.
The Problem
A buffer overflow in the processing of domain names in
the MAIL FROM and RCPT TO
commands could allow a remote attacker to execute arbitrary
code or crash the service. Furthermore, a mail message which
causes the mail service to crash in this manner will remain
in the outgoing mail folder, causing the buffer overflow
to occur again once the service is restarted. ISMail 1.2.5,
1.4.3, and possibly earlier versions are affected by this
vulnerability.
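
A length-checked way to extract the domain from a MAIL FROM or RCPT TO line, added here as an example; it is not ISMail's code and does not come from the advisory. The function and constant names are hypothetical, the 255-octet limit is the RFC 5321 domain maximum, and only host-name domains are accepted (no bracketed address literals).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_DOMAIN 255 /* RFC 5321 section 4.5.3.1.2: domain limit in octets */
enum { DOM_OK = 0, DOM_SYNTAX = -1, DOM_NONE = -2, DOM_TOO_LONG = -3, DOM_BAD_CHAR = -4 };

/* Case-insensitive match of an upper-case prefix; stops at the first mismatch. */
static size_t has_prefix(const char *s, const char *prefix)
{
    size_t i;
    for (i = 0; prefix[i] != '\0'; i++)
        if (toupper((unsigned char)s[i]) != prefix[i]) return 0;
    return i;
}

/* Copy the domain of a "MAIL FROM:<path>" or "RCPT TO:<path>" line into out.
 * The length is checked before anything is copied, so an oversized domain
 * is rejected outright instead of being truncated or written past out. */
int smtp_path_domain(const char *line, char *out, size_t outsz)
{
    size_t n = has_prefix(line, "MAIL FROM:");
    if (n == 0) n = has_prefix(line, "RCPT TO:");
    if (n == 0) return DOM_SYNTAX;
    const char *p = line + n;
    while (*p == ' ') p++;
    const char *end = (*p == '<') ? strchr(p, '>') : NULL;
    if (end == NULL) return DOM_SYNTAX;

    const char *at = end;                 /* last '@' before '>' starts the domain */
    while (at > p && *at != '@') at--;
    if (at == p) return DOM_NONE;         /* e.g. the null reverse-path "<>" */

    size_t len = (size_t)(end - at) - 1;
    if (len == 0) return DOM_SYNTAX;
    if (len > MAX_DOMAIN || len >= outsz) return DOM_TOO_LONG;
    for (size_t i = 1; i <= len; i++) {
        unsigned char c = (unsigned char)at[i];
        if (!isalnum(c) && c != '.' && c != '-') return DOM_BAD_CHAR; /* host names only (assumption) */
    }
    memcpy(out, at + 1, len);
    out[len] = '\0';
    return DOM_OK;
}
```

Because the same message is reprocessed from the outgoing mail folder after a restart, a check of this kind belongs on the code path that reads queued messages as well as on the SMTP command handler.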
Resolution
Upgrade to ISMail 1.4.5 or higher.
Where can I read more about this?
This vulnerability was reported in
NGSSoftware Advisory #NISR27022003.