CVE-2005-3640

Floosietek FTGate 4.1 - Remote Code Execution via Long IMAP Command Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3640. PoCs published by Luca Ercoli.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in FTGate IMAP server by sending maliciously crafted EXAMINE commands with excessive data. It attempts to crash the service or execute arbitrary code via a stack-based overflow.

Description

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luca Ercoli · perldoswindows

https://www.exploit-db.com/exploits/1327

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in FTGate IMAP server by sending maliciously crafted EXAMINE commands with excessive data. It attempts to crash the service or execute arbitrary code via a stack-based overflow.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: FTGate IMAP Server (version not specified)

Auth required

Prerequisites: Network access to the target IMAP server (port 143) · Valid IMAP credentials for authentication

MITRE ATT&CK