FTGate4 POP3 Multiple Buffer Overflows
Publish Date: 04 de февраля de 2011
Severity: : High
CVE Kennungen: : CVE-2005-4568
Advisory Date: 04 de февраля de 2011
DESCRIPTION
Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server.
INFORMATION EXPOSURE
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
AFFECTED SOFTWARE AND VERSION:
- Floosietek FTGate 4.4 Build 4.4.000