[AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx, vuldb@xxxxxxxxxxxxxxxxx
Subject: [AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability
From: João Antunes <jantunes@xxxxxxxxxxx>
Date: Tue, 2 Sep 2008 16:07:53 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to :content-type:content-transfer-encoding:subject:mime-version:date :x-mailer:sender; bh=0rNVrxqh5vIleap3eLJCQP9jWPLGIzmQe+OKtggYJuA=; b=pR0qwm2aak+6/0hnDxNKAJc/4CBaVpteBG8FBxu7GfY0nrF0PGOnfXVeaz1rqVGWYM S3U5eQGg45Z2SuEzy85kN38yHfx+q0b0q5ozTIYshN87+SppMYd3/op9DnDcvRFDVKu8 gt7OihdnQZamnh/1ILbLKgXMOYUaS9sZoyAKc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:content-type:content-transfer-encoding:subject :mime-version:date:x-mailer:sender; b=plAJlZ7E2Cf95HIaV0jL5ctTG6IyLktpu3K7Iolu+GJlCKCUQy9eJzD/JmKtRw+h25 MzFDtneKLpPTeiUZzxqeWpCc5ViQ4O6Z4W4rxH0iZiFh6PfvqZiGY1BzRj5vXQf9P+x/ t1EJ6KdEdGeDWg68dHGtjsCAGImmfzoAP8+fs=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: João Antunes <jasantunes@xxxxxxxxx>

----------------------------------------
Synopsis
----------------------------------------

Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS)attacks.The IMAP server crashes when processing an APPEND command with astrange parameter (see details bellow). Other commands may alsotrigger the same behavior.


Product: Softalk Mail Server
Version: 8.5.1.431 and probably the older versions
Vendor: Softalk (www.softalkltd.com)
Type: Denial-of-service
Risk: service disruption
Remote: Yes

Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/2008

Exploit: Not Available
Solution: Not Available

Status: Developers were contacted and should be releasing a correctedversion soon (8.5.2 beta 2)


----------------------------------------
Vulnerability Description
----------------------------------------

The vulnerability can be triggered by sending the following messagesto the imap server:

A001 LOGIN user password
A01 APPEND Ax5000 (UIDNEXT MESSAGES) (…) Ax5000 (UIDNEXT MESSAGES)

For the sake of legibility, the APPEND command was presented above ina condensed form.The "(...)" means that the parameters should be repeated several timesin the same command (e.g., ten times). Successful exploitation resultsin a remote denial of service.

Prev by Date: Postfix Linux-only local denial of service
Next by Date: HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
Previous by thread: Postfix Linux-only local denial of service
Next by thread: HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
Index(es):
- Date
- Thread