iDEFENSE Security Advisory 12.06.05 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service, thereby preventing legitimate use. The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit. iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2.
e5d1bd2f932ad64040c064cb10b1600cfc02038904b8a0fd03bccc78a73df522