Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 12.06.05: Ipswitch
From: "Chris Rogers" <cprogers () bellsouth net>
Date: Fri, 16 Dec 2005 03:23:40 -0500
It's an overflow in the _vsnprintf() function. As far as I've read, this makes your options quite limited. You can only write to data pointers passed to you through the va_args list of the function. As far as I've seen when messing with this vulnerability, there are no potentials for overwrites. I see no function pointers, only text data. Just attach a debugger to ipswitch, and send MAIL FROM: %n%n%n%n%n%n@%n%n%n%n%n.com to cause a fault in the debugger.

Chris

----- Original Message -----
From: "Owen Dhu" <0wnj00 () gmail com>
To: <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>; <full-disclosure () lists grok org uk>
Sent: Tuesday, December 13, 2005 11:07 AM
Subject: Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability

On 12/6/05, labs-no-reply () idefense com <labs-no-reply () idefense com> wrote:
Ipswitch Collaboration Suite SMTP Format String Vulnerability
[...]
Remote exploitation of a format string vulnerability in Ipswitch IMail allows remote attackers to execute arbitrary code.
Can iDEFENSE (or anyone else) elaborate on this? I have been working with this for a little while and iMail doesn't seem to be exploitable in this way. TIA.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
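Added example, not part of the original message and not Ipswitch's code: the format-string bug class discussed in this thread, shown from the fix side, with a small check for conversion directives in a client line. The helper names log_fmt, log_smtp_line and count_directives are hypothetical; the sample line is the one quoted in the message above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (not Ipswitch code): a thin wrapper that
 * forwards a format string and its arguments to vsnprintf(). */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* The format-string bug class is calling log_fmt(out, n, line): the
 * client's bytes become the format and every directive in them consumes
 * va_list slots the caller never supplied. Corrected form: the format is
 * a constant and the client line is only ever data for %s. */
int log_smtp_line(char *out, size_t n, const char *line)
{
    return log_fmt(out, n, "smtp: %s", line);
}

/* Detection aid for input filters or log review: count '%' conversion
 * directives in a client line. "%%" is a literal percent, not counted. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    /* Sample line taken from the message above. */
    const char *probe = "MAIL FROM: %n%n%n%n%n%n@%n%n%n%n%n.com";
    char buf[128];
    log_smtp_line(buf, sizeof buf, probe);
    printf("%s\ndirectives: %d\n", buf, count_directives(probe));
    return 0;
}
```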