Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20552
HistorySep 20, 2008 - 12:00 a.m.

[AJECT] SurgeMail IMAP 3.9e vulnerability

2008-09-2000:00:00
vulners.com
12
JSON

Synopsis

SurgeMail Mail Server 3.9e (Windows and Unix-based versions) is
vulnerable to denial-of-service (DoS) attacks. The nature of the crash
may indicate a buffer overflow problem, but the developers claimed
otherwise.
The IMAP server abruptly crashes when processing an APPEND message
with a large parameter.

Product: SurgeMail Mail Server
Version: 3.9e and probably the older versions
Vendor: NetWin (www.netwinsite.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: João Antunes (AJECT – Attack Injection Tool) on 04/Jun/
2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and corrected the software in
version 3.9g2

Vulnerability Description

The vulnerability can be triggered by sending the following messages:
A01 LOGIN username password
A01 APPEND Ax5000 (UIDNEXT MESSAGES)

This should crash both the windows and unix-based versions of the IMAP
server.
Successful exploitation results in a remote denial of service.

JSON