<<< Date Index >>>     <<< Thread Index >>>

[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability



----------------------------------------
Synopsis
----------------------------------------
Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS) attacks. The IMAP server crashes when processing an APPEND command with a strange parameter (see details bellow). Other commands may also trigger the same behavior.

Product: Softalk Mail Server
Version: 8.5.1.431 and probably the older versions
Vendor: Softalk (www.softalkltd.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/ 2008
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected version soon (8.5.2 beta 2)

----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending the following messages to the imap server:
A001 LOGIN user password
A01 APPEND Ax5000 (UIDNEXT MESSAGES) (…) Ax5000 (UIDNEXT MESSAGES)

For the sake of legibility, the APPEND command was presented above in a condensed form. The "(...)" means that the parameters should be repeated several times in the same command (e.g., ten times). Successful exploitation results in a remote denial of service.