IMail is a Windows NT/2000-based e-mail server from Ipswitch. A vulnerability exists in IMail's SMTP daemon. The daemon passes certain SMTP requests to a section of code that handles mailing lists, and this code fails to properly validate user-supplied input. As a result, a buffer overflow can be triggered by SMTP requests that include the name of a mailing list hosted by the vulnerable server. If properly structured hostile code is also included in the request, it will be executed with SYSTEM privileges, allowing remote execution of arbitrary hostile code on the system hosting IMail.