Credit:
The information has been provided by the Zero Day Initiative (ZDI). This vulnerability was discovered by an anonymous researcher.
For the original advisory, please visit: http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
Vulnerable Systems:
* ICS/IMail Server 2006
Description:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Ipswitch Collaboration Suite and IMail.
Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SMTP daemon. A lack of bounds
checking during the parsing of long strings contained within the
characters '@' and ':' leads to a stack overflow vulnerability.
Exploitation can result in code execution or a denial of service.
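The class of defect described above, shown in its corrected form as an added example (not Ipswitch's code and not part of the ZDI advisory): a field delimited by '@' and ':' is measured against the destination buffer before it is copied, and oversized input is rejected. The function name, return codes, buffer size and sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for this example. */
enum { FIELD_OK = 0, FIELD_NO_DELIMS = -1, FIELD_TOO_LONG = -2 };

/*
 * Copy the text between the first '@' and the next ':' in `line` into
 * `out`, whose capacity is `outsz` bytes including the terminating NUL.
 * Oversized fields are rejected; nothing is copied in that case.
 */
int extract_between(const char *line, char *out, size_t outsz)
{
    const char *at, *colon;
    size_t len;

    if (line == NULL || out == NULL || outsz == 0)
        return FIELD_NO_DELIMS;
    out[0] = '\0';

    at = strchr(line, '@');
    if (at == NULL)
        return FIELD_NO_DELIMS;
    colon = strchr(at + 1, ':');
    if (colon == NULL)
        return FIELD_NO_DELIMS;

    /* Length of the delimited field, computed before any copy. */
    len = (size_t)(colon - (at + 1));
    if (len >= outsz)   /* bounds check: field plus NUL must fit */
        return FIELD_TOO_LONG;

    memcpy(out, at + 1, len);
    out[len] = '\0';
    return FIELD_OK;
}

int main(void)
{
    char field[16];     /* fixed-size stack buffer (size is an assumption) */
    /* Constructed sample inputs, not taken from real traffic. */
    const char *ok = "user@host.example:25";
    const char *big = "user@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:25";

    printf("%d\n", extract_between(ok, field, sizeof field));
    printf("%d\n", extract_between(big, field, sizeof field));
    return 0;
}
```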
CVE Information:
CVE-2006-4379
Vendor Status:
Ipswitch has issued an update, version 2006.1, to correct this
vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im20061.asp
Disclosure Timeline:
2006.06.22 - Vulnerability reported to vendor
2006.08.31 - Digital Vaccine released to TippingPoint customers
2006.09.07 - Coordinated public release of advisory