Buffer Overrun in FTGate4 Groupware Mail server
/******
Package: FTGate4 Groupware Mail server
Auth: http://www.floosietek.com/
Version(s): 4.1 / previous versions may also be vulnerable
Vulnerability Type: Remote Code Execution
*****************/
Disclaimer:
---------
The information is provided "as is" without warranty of any kind.
The author of this issue shall not be held liable for any
downtime, lost profits, or damages due to the informations
contained in this advisory.
What?s FTGate4:
--------------
[description taken from from the author's site]
FTGate4 is a powerful Windows(TM) communication suite that combines
exceptional mail handling facilities with comprehensive Groupware
functionality. Its security and collaboration features were
developed in conjunction with leading ISP's and define a new era in
mail server performance.
Synopsis:
--------
FTGate4 is vulnerable to a buffer overrun which could potentially
lead to execution of arbitrary code.
Description:
-----------
FTGate4 contains a security flaw in the IMAP server caused due to
boundary errors in the handling of various commands (like EXAMINE).
Impact:
------
An attacker could exploit the vulnerability by sending a malformed
request to the IMAP server running on port 143, resulting in a
Denial of Service condition and potentially arbitrary code execution
with the privileges of the SYSTEM user.
Workaround:
----------
There is no known workaround at this time.
PoC:
-------
www.lucaercoli.it/exploits/FTGate-expl.pl
Credits:
--
Luca Ercoli <io [at] lucaercoli.it>
http://www.lucaercoli.it