Intrusion Prevention

IMAP.Commands.Buffer.Overflow

Description

This indicates a possible attempt to exploit one of several stack based buffer overflow vulnerabilities in the Mercury IMAP server.
The buffer overflows can be triggered by using overly long arguments with the EXAMINE, SUBSCRIBE, STATUS, APPEND, CHECK, CLOSE, EXPUNGE, FETCH, RENAME, DELETE, LIST, SEARCH, CREATE or UNSUBSCRIBE commands. The vulnerabilities are caused by the application's lack of proper bounds checking on user supplied input, before copying it to a fixed size memory buffer. These vulnerabilities may allow remote authenticated users to cause a denial of service and possibly execute arbitrary code.

Affected Products

David Harris Mercury (win32 version) 4.0 1 and 4.0 1a.

Impact

System compromise: execution of arbitrary code on the system.

Recommended Actions

Upgrade to Mercury 4.0 1b or later.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	11599
Created	Jan 10, 2006
Updated	Apr 23, 2014
Risk
CVE ID	CVE-2007-2795 CVE-2008-1358 CVE-2006-6425 CVE-2004-1211
Exploit Prediction Score	96.37%
Default Action	pass
Active
Affected OS	Windows
Affected App	Other

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

IMAP.Commands.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

IMAP.Commands.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center