IpSwitch IMail Denial of Service Vulnerability

IPSWITCH IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, LDAP etc.

IMail server SMTP service is subject to a denial of service. By specifying a base 64encoded SMTP AUTH password containing 80 to 136 bytes, the IMail server will stop responding and refuse any new connections.

If the length exceeds 136 bytes, the server will report that the password is too long. It is not known why this behaviour occurs.


Privacy Statement
Copyright 2010, SecurityFocus