AOH :: HP Unsorted S :: VA1108.HTM

Softalk IMAP Server 8.5.1 DoS vulnerability
Softalk IMAP Server 8.5.1 DoS vulnerability
Softalk IMAP Server 8.5.1 DoS vulnerability

Softalk IMAP Server 8.5.1 is vulnerable to denial-of-service (DoS)  
The IMAP server crashes when processing an APPEND command with a  
strange parameter (see details bellow). Other commands may also  
trigger the same behavior.

Product: Softalk Mail Server
Version: and probably the older versions
Vendor: Softalk ( 
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: Jo=E3o Antunes (AJECT -- Attack Injection Tool) on 05/Jun/ 
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and should be releasing a corrected  
version soon (8.5.2 beta 2)

Vulnerability Description
The vulnerability can be triggered by sending the following messages  
to the imap server:
A001 LOGIN user password

For the sake of legibility, the APPEND command was presented above in  
a condensed form.
The "(...)" means that the parameters should be repeated several times  
in the same command (e.g., ten times). Successful exploitation results  
in a remote denial of service.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to