Users login

Create an account »


Users login

Home » Hacking News » Buffer Overflow in Ipswitch Imail 7.1 and prior

Buffer Overflow in Ipswitch Imail 7.1 and prior

by Nikola Strahija on May 21st, 2002 A buffer overflow exists in the LDAP component of Ipswitch's IMail software suite. Exploitation of this vulnerability allows remote execution of arbitrary code with the privileges of the IMail daemon (default is SYSTEM).


The IMail server ships with several components including an LDAP
service. The LDAP server allows a remote client read access to
the IMail directory. A vulnerability exists during the
process which allows an outside attacker remote access to the
server with the privileges of the SYSTEM account.

When "binding" to the server with simple authentication a "bind DN"
and password can be specified. By providing an overly long string
the "bind DN" parameter, it is possible to overwrite the saved
address, control the instruction pointer and execute arbitrary code
the remote process.


Refer to the advisory published by Ipswitch at

Customers should obtain upgraded software by contacting their
support representative to receive the required patches.


Foundstone would like to thank Ipswitch for their prompt response
handling of this problem.


The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given,
express, or
implied as to its accuracy or completeness. In no event shall the
author or Foundstone be liable for any direct, indirect,
special, exemplary or consequential damages resulting from the use
misuse of this information. This advisory may be redistributed,
provided that no fee is assigned and that the advisory is not
in any way.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »