iDEFENSE Security Advisory 05.24.05-3 – Remote exploitation of several buffer overflow vulnerabilities in Ipswitch Inc.’s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required. Version 8.12 is confirmed vulnerable. Earlier versions may be susceptible as well.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/39312/05.24.05-3.txt
Source: https://packetstormsecurity.com/files/39312/iDEFENSE-Security-Advisory-2005-05-24.3.html