Arbitrary code injection vulnerabilities in Ipswitch IMAP server
The IMAP server by Ipswitch, which is installed together with Collaboration Suite and IMail, contains arbitrary code injection and execution vulnerabilities. New software versions have been provided to fix these bugs.
TippingPoint has reported a hole in the Imailsec component which can be exploited by unauthenticated attackers to execute arbitrary code. Also, specially crafted subscribe commands can cause a buffer overflow. Security service provider iDefense has reported two vulnerabilities in the IMAP server. Authenticated users can cause a buffer overflow using malformed search or search charset commands and thereby inject arbitrary code, which is executed with SYSTEM privileges. The changelog provided by Ipswitch also mentions another hole, which can be exploited by unauthenticated attackers to crash the service.
Ipswitch has released updated software versions to fix these vulnerabilities. Administrators are advised to install these updates as soon as possible or to disable IMAP support and use POP3 or Webmail instead, if an update is not possible.
- Ipswitch IMail Server 2006 Multiple IMAP Buffer Overflow Vulnerabilities, security advisory by iDefense
- IMail 2006.21, download and changelog of the current IMail version
- Ipswitch Collaboration Suite 2006.21, download and changelog of the current Collaboration Suite version