axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded *x00 sequence on the imap port (143/tcp).
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Axigen_mail_server | Gecad_technologies | 1.2.6 (including) | 1.2.6 (including) |
| Axigen_mail_server | Gecad_technologies | 2.0.0b1 (including) | 2.0.0b1 (including) |
Potential Mitigations
References
- http://marc.info/?l=full-disclosure\u0026m=117094708423302\u0026w=2
- http://osvdb.org/33165
- http://secunia.com/advisories/24073
- http://www.securityfocus.com/bid/22473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32345
- https://www.exploit-db.com/exploits/3290
- http://marc.info/?l=full-disclosure\u0026m=117094708423302\u0026w=2
- http://osvdb.org/33165
- http://secunia.com/advisories/24073
- http://www.securityfocus.com/bid/22473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32345
- https://www.exploit-db.com/exploits/3290