Netscape Messaging Server DoS Vulnerability

Netscape Messenger

There exists no bounds checking on the length of the argument to the list IMAP command in Netscape Messenger Server. As a result, it is possible to crash the service if more than 512 characters are sent as the argument to 'list', as the program's internal memory will be partially overwritten and corrupted by the extraneous data. It may also be possible for an attacker to insert machine code onto the stack, and then execute it, with daemon privileges, by overwriting the return address of the vulnerable function.


 

Privacy Statement
Copyright 2010, SecurityFocus