AOH :: HP Unsorted S :: VA1290.HTM

SurgeMail IMAP 3.9e vulnerability
SurgeMail IMAP 3.9e vulnerability
SurgeMail IMAP 3.9e vulnerability

SurgeMail Mail Server 3.9e (Windows and Unix-based versions) is  
vulnerable to denial-of-service (DoS) attacks. The nature of the crash  
may indicate a buffer overflow problem, but the developers claimed  
The IMAP server abruptly crashes when processing an APPEND message  
with a large parameter.

Product: SurgeMail Mail Server
Version: 3.9e and probably the older versions
Vendor: NetWin ( 
Type: Denial-of-service
Risk: service disruption
Remote: Yes
Discovered by: Jo=E3o Antunes (AJECT -- Attack Injection Tool) on 04/Jun/ 
Exploit: Not Available
Solution: Not Available
Status: Developers were contacted and corrected the software in  
version 3.9g2

Vulnerability Description
The vulnerability can be triggered by sending  the following messages:
A01 LOGIN username password

This should crash both the windows and unix-based versions of the IMAP  
Successful exploitation results in a remote denial of service.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to