Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2216 |
Message | WEB-CGI readmail.cgi access |
Summary | This event is generated when an attempt is made to access readmail.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in Ipswitch IMail 7.04 and earlier. |
Impact | Denial of service. |
Detailed Information | Ipswitch IMail is a mail server that supports multiple mail protocols. Its web mail implementation contains a vulnerability in readmail.cgi where, if a mailbox name with more than 248 dot characters (.) is requested, the server will crash. It has also been reported that this is caused by a buffer overflow error that may allow an attacker to execute arbitrary code, but this has not been confirmed. |
Affected Systems | Mail servers running Ipswitch Imail 7.04 and earlier with web mail enabled. |
Attack Scenarios | An attacker sends an HTTP request to readmail.cgi for a mailbox with more than 248 dot characters in the mailbox name parameter. The mail server will crash and must be restarted. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to a newer version or apply the vendor-supplied hotfix available at ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail704.exe. |
Additional References | Bugtraq http://www.securityfocus.com/bid/3427 |
Rule References | bugtraq: 3427 bugtraq: 4579 cve: 2001-1283 nessus: 11748 |
--
DID:636446
--
http://www.aanval.com/