|
|
>> E-Post Mail Products Buffer Overflow and Denial of Service Vulnerabilities
|
Multiple vulnerabilities were identified in various E-Post Mail Server products, which could be exploited by remote attackers or malicious users to execute arbitrary commands, disclose sensitive information, or cause a denial of service.
The first issue is due to a stack overflow error in the SMTP service that does not properly handle an overly long username passed to the "AUTH PLAIN" and "AUTH LOGIN" commands, which could be exploited by attackers to execute arbitrary commands.
The second flaw is due to a stack overflow error in the POP3 service that does not properly handle an overly long username passed to the "APOP" command, which could be exploited by attackers to execute arbitrary commands.
The third vulnerability is due to an error in the IMAP service that does not properly handle an overly long mailbox name passed to the "DELETE" command, which could be exploited by attackers to cause a denial of service.
The fourth flaw is due to an input validation error in the IMAP service that does not properly validate certain arguments passed to the "LIST" command, which could be exploited by attackers to obtain directory listings of arbitrary folders, or cause a denial of service by listing certain directories.
The fifth vulnerability is due to input validation errors in the IMAP service when handling specially crafted arguments passed to the "APPEND", "COPY", and "RENAME" commands, which could be exploited by malicious users to create ".MSG" files and arbitrary directories outside of the mail directory.
The sixth issue is due to an infinite loop error in the IMAP service when a user sends an APPEND command and terminates the connection without sending the expected amount of data, which could be exploited by attackers to cause the IMAP server to exhaust all available memory resources causing a denial of service.
Affected Products
E-Post Mail Server Enterprise version 4.10
E-Post Mail Server version 4.10
E-Post SMTP Server Enterprise version 4.10
E-Post SMTP Server version 4.10
SPA-PRO Mail @Solomon Enterprise version 4.00
SPA-PRO Mail @Soloman version 4.00
SPA-PRO SMTP @Soloman version 4.00
Solution
Patch for E-Post Mail Server Enterprise 4.10 :
http://www.e-postinc.jp/bin/jp-mail@epostmsent20060117.exe
Patch for E-Post Mail Server 4.10 :
http://www.e-postinc.jp/bin/jp-mail@epostmsstd20060117.exe
Patch for E-Post SMTP Server Enterprise 4.10 :
http://www.e-postinc.jp/bin/jp-mail@epostssent20060117.exe
Patch for E-Post SMTP Server 4.10 :
http://www.e-postinc.jp/bin/jp-mail@epostssstd20060117.exe
Patch for SPA-PRO Mail @Solomon Enterprise 4.00 :
http://www.e-postinc.jp/bin/jp-mail@solomon20060117.exe
Patch for SPA-PRO Mail @Soloman 4.00 :
http://www.e-postinc.jp/bin/jp-mail@solomon20060117.exe
Patch for SPA-PRO SMTP @Soloman 4.00 :
http://www.e-postinc.jp/bin/jp-smtp@solomon20060117.exe
References
http://www.vupen.com/english/advisories/2006/0318
http://secunia.com/secunia_research/2006-1/advisory/
Credits
Vulnerabilities reported by Tan Chew Keong
ChangeLog
2006-01-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
