Intrusion Prevention

Floosietek.FTGate.tzoffset.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Floosietek FTGate.
The vulnerability can be exploited by sending a specially crafted HTTP POST request with an overly large " tzoffset" parameter. As a result a remote attacker could cause the server to crash or execute arbitrary code with the privileges of the server.

Affected Products

FTGate 4 Groupware Mail version 4.4 (4.4.000) and prior.

Impact

System compromise: renote code execution.
Denial of service.

Recommended Actions

Upgrade to FTGate 4 Groupware Mail version 4.4.005 :
http://www.ftgate.com/content/206.htm

CVE References

CVE-2005-4569