[VIM] MOAUB #15 - Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption
George A. Theall
theall at tenable.com
Wed Sep 15 21:12:07 CDT 2010
Abyssec published an advisory today concerning a memory corruption
issue in Ipswitch Imail that's triggered with multiple long Reply-To
headers:
http://www.exploit-db.com/moaub-15-ipswitch-imail-server-list-mailer-reply-to-address-memory-corruption/
I see that SecurityFocus has added this as an additional PoC in BID
41717, suggesting it's the same as the issue covered by ZDI-10-126.
While the advisories are very similar, I think there are really two
distinct issues at play here. That is, ZDI claims the issue has been
addressed by iMail 11.02 while Abyssec lists versions 11.01 and 11.02
as affected. And more significantly, Ipswitch themselves have
responded already to Abyssec's advisory with a patch:
http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid=1197
Thoughts? Rob?
George
--
theall at tenablesecurity.com