NI3
11-03-2003, 06:24 PM
Hi guys:
--------------
TITLE:
IA WebMail Server GET Request Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10107
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
IA WebMail Server 3.x
DESCRIPTION:
A vulnerability has been identified in IA WebMail Server, which can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the web
service when handling HTTP GET requests. This can be exploited to
cause a buffer overflow by sending an overly long, specially crafted
GET request to a vulnerable system.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed in version 3.1.0. It has been
reported to affect prior versions as well.
SOLUTION:
Filter long requests in a HTTP proxy or firewall with URL filtering
capabilities.
Restrict access to the web service (default port 8180/tcp) allowing
only trusted IPs to connect.
REPORTED BY / CREDITS:
Peter Winter-Smith
----------------------------------------------------------------------
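
One way a filtering proxy could apply the advisory's two workarounds (reject overly long GET request lines, allow only trusted source IPs) before anything reaches the web service on 8180/tcp. This is an added example, not part of the original post or the Secunia advisory; the 2048-byte limit, the trusted networks and the function name `screen_request` are assumptions chosen for illustration.

```python
import ipaddress

# Assumptions (not from the advisory): the length limit and the trusted
# networks are illustrative values; tune them per site.
MAX_REQUEST_LINE = 2048
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def screen_request(client_ip: str, raw: bytes):
    """Decide whether a proxy should forward `raw` to the webmail service.

    Returns (allowed, reason). The length check works on the raw bytes and
    only looks at a bounded prefix, so an oversized line is never parsed.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "bad-client-address"
    if not any(addr in net for net in TRUSTED_NETS):
        return False, "untrusted-source"

    # The request line ends at the first LF. Search only as far as a
    # maximum-length line plus its CRLF could extend.
    end = raw.find(b"\n", 0, MAX_REQUEST_LINE + 2)
    if end == -1:
        if len(raw) > MAX_REQUEST_LINE:
            return False, "request-line-too-long"
        return False, "incomplete-request-line"

    line = raw[:end].rstrip(b"\r")
    if len(line) > MAX_REQUEST_LINE:
        return False, "request-line-too-long"

    # Expect exactly "METHOD SP target SP HTTP/x.y".
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return False, "malformed-request-line"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("192.0.2.10", b"GET /index.html HTTP/1.0\r\n\r\n"),
        ("192.0.2.10", b"GET /" + b"A" * 5000 + b" HTTP/1.0\r\n\r\n"),
        ("203.0.113.5", b"GET /index.html HTTP/1.0\r\n\r\n"),
    ]
    for ip, req in samples:
        print(ip, len(req), screen_request(ip, req))
```
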
