GEN:SID 1:2217
Message WEB-CGI printmail.cgi access
Summary This event is generated when an attempt is made to access printmail.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in Ipswitch IMail 7.04 and earlier.
Impact Denial of service.
Detailed Information Ipswitch IMail is a mail server that supports multiple mail protocols. Its web mail implementation contains a vulnerability in printmail.cgi where, if a mailbox name with more than 248 dot characters (.) is requested, the service will crash. It has also been reported that this is caused by a buffer overflow error that may allow an attacker to execute arbitrary code, but this has not been confirmed.
Affected Systems Mail servers running Ipswitch Imail 7.04 and earlier with web mail enabled.
Attack Scenarios An attacker sends an HTTP request to printmail.cgi for a mailbox with more than 248 dot characters in the mailbox name parameter. The mail server will crash and must be restarted.
Ease of Attack Simple.
Corrective Action Upgrade to a newer version or apply the vendor-supplied hotfix available at ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail704.exe.
Additional References Bugtraq
http://www.securityfocus.com/bid/3427
Rule References bugtraq: 3427
bugtraq: 4579
cve: 2001-1283
nessus: 11748