Update Protection aganist Malformed IMAP Commands Vulnerabilities (LIST, LOGIN, SELECT)
| Check Point Reference: | CPAI-2006-098 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | SecurityTracker Alert ID: 1015748 Secunia Advisory: SA19267 iDEFENSE Advisory: 12.20.05 |
|
| Industry Reference(s): | CVE-2006-1158 CVE-2006-1255 CVE-2005-4267 CVE-2005-2923 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Kerio MailServer prior to version 6.1.3 patch 1 Mercur Messaging 2005 Eudora Qualcomm WorldMail version 3.0 and prior | ||
| Vulnerability Description Several IMAP servers contain buffer overflow errors in the way these servers handle IMAP commands. By carefully crafting an overly long SELECT/LOGIN/LIST command, an attacker can trigger a buffer overflow which may lead to an application crash or arbitrary code execution. |
||
|
Update/Patch Available Eudora Qualcomm WorldMail: Upgrade to Eudora Qualcomm WorldMail version 3.1 : http://www.eudora.com/download/worldmail/ |
|
|
Vulnerability Details CVE-2006-1255: Mercur Messaging 2005 contains several boundary errors in the handling of IMAP commands. An attacker can cause an affected system to execute arbitrary code via overly long arguments passed to the LOGIN and SELECT commands. CVE-2006-1158: Kerio MailServer contains an error in handling a specially crafted argument passed to the IMAP LOGIN command. This could be exploited by remote attackers to crash a vulnerable server.
|
Protection Overview
Overly long IMAP commands (LOGIN, SELECT and LIST) may cause a buffer overflow on an affected IMAP server. The update addresses the issue by validating the length of the SELECT, LOGIN and LIST commands and blocking these commands if they exceed a certain length.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The update released on September 12, 2006 includes the following protections:
Malformed IMAP Commands Protection (CPAI-2006-098)
Protection against Microsoft Windows DHCP Remote Code Execution (MS06-036) - CPAI-2006-101
MiniBB Remote File Vulnerabilities (CPAI-2006-102)
GraceNote (CDDB) Control ActiveX Vulnerability (CPAI-2006-103)
Microsoft Internet Explorer 6 (Internet.HHCtrl) Vulnerability (CPAI-2006-104)
Microsoft Internet Explorer UTF-8 Decoding Vulnerability (MS06-021) - CPAI-2006-105
Apache LDAP HTTP Server Buffer Overflow Vulnerability (CPAI-2006-106)
Pre-Patch Workaround for Microsoft Office Vulnerabilities (SBP-2006-06)