SurgeMail IMAP LIST Command Remote Buffer Overflow Vulnerability

SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.

SurgeMail 3.8k4-4 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus