/******
Package: FTGate4 Groupware Mail server
Auth: http://www.floosietek.com/
Version(s): 4.1 / previous versions may also be vulnerable
Vulnerability Type: Remote Code Execution
*****************/

Disclaimer:
---------
The information is provided "as is" without warranty of any kind. The author of this issue shall not be held liable for any downtime, lost profits, or damages due to the information contained in this advisory.

What's FTGate4:
--------------
[description taken from the author's site]
FTGate4 is a powerful Windows(TM) communication suite that combines exceptional mail handling facilities with comprehensive Groupware functionality. Its security and collaboration features were developed in conjunction with leading ISPs and define a new era in mail server performance.

Synopsis:
--------
FTGate4 is vulnerable to a buffer overrun which could potentially lead to execution of arbitrary code.

Description:
-----------
FTGate4 contains a security flaw in the IMAP server, caused by boundary errors in the handling of various commands (like EXAMINE).

Impact:
------
An attacker could exploit the vulnerability by sending a malformed request to the IMAP server running on port 143, resulting in a Denial of Service condition and potentially arbitrary code execution with the privileges of the SYSTEM user.

Workaround:
----------
There is no known workaround at this time.

PoC:
-------
www.lucaercoli.it/exploits/FTGate-expl.pl

Credits:
--
Luca Ercoli <io [at] lucaercoli.it>
http://www.lucaercoli.it
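
Added example (not part of the original advisory, and not the vendor's or the author's code): since no workaround is listed, a detection check that flags oversized IMAP client commands such as EXAMINE in captured port 143 traffic or proxy logs. The advisory states no triggering length, so MAX_ARG_LEN is an assumed policy value, and the function names and sample lines are constructed for illustration.

```python
import re

# Assumption: the advisory gives no triggering length, so this limit is a
# site-chosen policy value, not a property of FTGate4.
MAX_ARG_LEN = 255
# tag SP command [SP arguments], per the IMAP4rev1 command grammar (RFC 3501)
CMD_RE = re.compile(rb"^(\S+) ([A-Za-z]+)(?: (.*))?$", re.S)
LITERAL_RE = re.compile(rb"\{(\d+)\+?\}$")  # {n} or {n+} literal announcement


def check_line(line: bytes, max_len: int = MAX_ARG_LEN):
    """Return a reason string if one client command line looks oversized, else None."""
    line = line.rstrip(b"\r\n")
    m = CMD_RE.match(line)
    if not m:
        # Not tag/command shaped (e.g. literal data); still bound the raw length.
        return "unparsed line of %d bytes" % len(line) if len(line) > max_len else None
    tag, cmd, args = m.group(1), m.group(2).upper().decode("ascii"), m.group(3) or b""
    if len(tag) > max_len:
        return "oversized tag (%d bytes)" % len(tag)
    lit = LITERAL_RE.search(args)
    if lit and int(lit.group(1)) > max_len:
        return "%s announces a %s-byte literal" % (cmd, lit.group(1).decode())
    if len(args) > max_len:
        return "%s argument of %d bytes" % (cmd, len(args))
    return None


def scan(lines, max_len: int = MAX_ARG_LEN):
    """Yield (line_number, reason) for every flagged client line."""
    for n, line in enumerate(lines, 1):
        reason = check_line(line, max_len)
        if reason:
            yield n, reason


# Constructed sample of client-to-server lines on port 143 (not real traffic).
SAMPLE = [
    b"a001 LOGIN alice secret\r\n",
    b"a002 EXAMINE INBOX\r\n",
    b"a003 EXAMINE " + b"A" * 300 + b"\r\n",
    b"a004 SELECT {4096}\r\n",
    b"a005 LOGOUT\r\n",
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE):
        print("line %d: %s" % (n, reason))
```

Tune MAX_ARG_LEN to the longest mailbox name legitimately used on the server before alerting on the results.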