Ipswitch IMail Server version 8.20 and Ipswitch Collaboration Suite version 2.0.1 contain vulnerabilities that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on the affected server.
The first vulnerability (CAN-2005-2923) exists in the IMAP server. A remote, authenticated attacker could exploit this vulnerability by passing to the IMAP LIST command an overly long argument designed to access unallocated memory. This allows the attacker to cause the IMAP server to crash.
The second vulnerability (CAN-2005-2931) exists in the use of functions that allow format string specifiers. A remote attacker could exploit this vulnerability by submitting data containing format string specifiers to certain functions in affected commands. This could allow the attacker to execute arbitrary code on the affected system.
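
The two bug classes described above, written as hardened C patterns a server-side handler can follow. This is an added example, not code from IMail or from the advisory; the function names and the 255-byte limit are hypothetical, and the advisory does not name the affected functions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LIST_ARG 255  /* assumed limit for this example, not from the advisory */

/* Vulnerable pattern, shown for contrast only and not compiled:
 *     snprintf(out, outsz, client_data);
 * Here client data is the format itself, so any conversion specifier in it
 * is interpreted by the printf family instead of being treated as text. */

/* Hardened: client data is only ever an argument to a constant format.
 * Returns the number of bytes written, or -1 on error or truncation. */
int log_client_data(char *out, size_t outsz, const char *client_data)
{
    int n = snprintf(out, outsz, "client: %s", client_data);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Hardened: validate the received length of a LIST argument before copying.
 * arglen is the byte count taken from the network, not a trusted strlen().
 * Returns the copied length, or -1 if the argument is rejected. */
int copy_list_arg(char *dst, size_t dstsz, const char *arg, size_t arglen)
{
    if (arglen > MAX_LIST_ARG || arglen >= dstsz)
        return -1;                      /* too long for policy or for dst */
    if (memchr(arg, '\0', arglen) != NULL)
        return -1;                      /* embedded NUL would hide trailing bytes */
    memcpy(dst, arg, arglen);
    dst[arglen] = '\0';
    return (int)arglen;
}

int main(void)
{
    char line[64], mbox[MAX_LIST_ARG + 1], big[1000];

    /* Constructed inputs: specifiers stay literal, long argument is refused. */
    if (log_client_data(line, sizeof line, "%x%x%n") > 0)
        puts(line);
    memset(big, 'A', sizeof big);
    printf("long LIST arg -> %d\n", copy_list_arg(mbox, sizeof mbox, big, sizeof big));
    printf("INBOX -> %d\n", copy_list_arg(mbox, sizeof mbox, "INBOX", 5));
    return 0;
}
```
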
Patches are available.