IMAP: Literal Length Overflow
This protocol anomaly detects an IMAP literal that specifies more octets than the user-defined maximum. A literal is a sequence of zero or more octets. The default maximum number of octets can changed in the Sensor Settings Rulebase>Protocol Thresholds and Configuration>IMAP>Maximum Literal Length.
Extended Description
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying further email service for legitimate users. To recover from the denial-of-service condition, administrators must restart the IIS Admin Service service.
Affected Products
Avaya messaging_application_server,Microsoft exchange_server_2000
References
BugTraq: 23810
CVE: CVE-2007-0221
URL: http://www.imap.org/ http://www.microsoft.com/technet/security/Bulletin/MS07-026.mspx
Short Name
IMAP:OVERFLOW:LIT_LENGTH_OFLOW
Severity
Critical
Recommended
True
Recommended Action
None
Category
IMAP
Keywords
CVE-2007-0221 bid:23810
Release Date
01/30/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Frequently
Vendors
Avaya
Microsoft
CVSS Score
7.8