GEN:SID | 1:2217 |
Message | WEB-CGI printmail.cgi access |
Summary | This event is generated when an attempt is made to access printmail.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in Ipswitch IMail 7.04 and earlier.
|
Impact | Denial of service.
|
Detailed Information | Ipswitch IMail is a mail server that supports multiple mail protocols. Its web mail implementation contains a vulnerability in printmail.cgi where, if a mailbox name with more than 248 dot characters (.) is requested, the service will crash. It has also been reported that this is caused by a buffer overflow error that may allow an attacker to execute arbitrary code, but this has not been confirmed.
|
Affected Systems | Mail servers running Ipswitch Imail 7.04 and earlier with web mail enabled.
|
Attack Scenarios | An attacker sends an HTTP request to printmail.cgi for a mailbox with more than 248 dot characters in the mailbox name parameter. The mail server will crash and must be restarted.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to a newer version or apply the vendor-supplied hotfix available at ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail704.exe.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/3427
|
Rule References | bugtraq: 3427
bugtraq: 4579
cve: 2001-1283
nessus: 11748
|