IMail vulnerabilities
New (3.1.3)
Impact
A remote attacker could cause IMail to stop responding, thus
shutting down e-mail service.
Background
IMail is an e-mail package which runs on Windows systems. It provides
SMTP, IMAP, and POP services.
The Problem
It is possible to crash the IMail server by supplying a
password between 80 and 136 characters in length with
the SMTP AUTH command. A string longer than 136 characters
is rejected with an error message and does not cause the
server to crash.
IMail 6.05 and possibly earlier versions are affected
by this vulnerability unless the patch for IMail 6.05
has been applied.
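
A detection sketch for the condition described above, added here as an example and not taken from the advisory or from IMail: it decodes the client side of an SMTP session and flags AUTH exchanges whose password length falls in the 80 to 136 window. Assumptions: the session uses AUTH LOGIN or AUTH PLAIN with base64 credentials, the length is measured on the decoded password, and both bounds are inclusive; the function names and the sample session are constructed for illustration.

```python
import base64
import binascii

# Length window the advisory associates with the crash (bounds assumed inclusive).
CRASH_MIN, CRASH_MAX = 80, 136

def _b64(text):
    """Decode one base64 token; return None if it is missing or malformed."""
    if text is None:
        return None
    try:
        return base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None

def classify(length):
    """Map a decoded password length onto the advisory's three cases."""
    if CRASH_MIN <= length <= CRASH_MAX:
        return "crash-range"
    return "oversize" if length > CRASH_MAX else "normal"

def auth_password_lengths(client_lines):
    """Yield (mechanism, password_length) for each AUTH exchange in a session."""
    lines = iter(client_lines)
    for line in lines:
        parts = line.strip().split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "PLAIN":
            # authzid NUL authcid NUL password, sent inline or on the next line
            blob = _b64(parts[2] if len(parts) > 2 else next(lines, None))
            if blob is not None and blob.count(b"\0") == 2:
                yield mech, len(blob.split(b"\0")[2])
        elif mech == "LOGIN":
            if len(parts) == 2:
                next(lines, None)  # username arrives on its own line
            password = _b64(next(lines, None))
            if password is not None:
                yield mech, len(password)

def flag_session(client_lines):
    return [(m, n, classify(n)) for m, n in auth_password_lengths(client_lines)]

# Constructed sample: client-side lines of one SMTP session (not a real capture).
_e = lambda b: base64.b64encode(b).decode()
SAMPLE = ["EHLO client.example", "AUTH LOGIN", _e(b"alice"), _e(b"x" * 100),
          "AUTH PLAIN " + _e(b"\0alice\0" + b"x" * 12)]

if __name__ == "__main__":
    print(flag_session(SAMPLE))
```

A "crash-range" result against an unpatched IMail 6.05 host is worth correlating with service restarts; "oversize" attempts should line up with the server's error responses.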
Resolution
Apply the SMTPd32, POP3d32, and IMAP4d32 patch for IMail 6.05.
Where can I read more about this?
This vulnerability was posted to Bugtraq.