[VIM] MOAUB #15 - Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption

rkeith rkeith at securityfocus.com
Thu Sep 16 12:11:36 CDT 2010

Hey George,

This is an interesting one and you may be correct. Doesn't help that ZDI doesn't disclose a source or any significant details.

We'll err on the safe side and create a second BID for this issue.


George A. Theall wrote:
> Abyssec published an advisory today concerning a memory corruption issue
> in Ipswitch Imail that's triggered with multiple long Reply-To headers:
> http://www.exploit-db.com/moaub-15-ipswitch-imail-server-list-mailer-reply-to-address-memory-corruption/
> I see that SecurityFocus has added this as an additional PoC in BID
> 41717, suggesting it's the same as the issue covered by ZDI-10-126.
> While the advisories are very similar, I think there are really two
> distinct issues at play here. That is, ZDI claims the issue has been
> addressed by iMail 11.02 while Abyssec lists versions 11.01 and 11.02 as
> affected.  And more significantly, Ipswitch themselves have responded
> already to Abyssec's advisory with a patch:
> http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid=1197
> Thoughts? Rob?
> George

Rob Keith
