ID CVE-2001-0039 Type cve Reporter cve@mitre.org Modified 2017-10-10T01:29:00
Description
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
{"osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "cvelist": ["CVE-2001-0039"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html\nISS X-Force ID: 5674\n[CVE-2001-0039](https://vulners.com/cve/CVE-2001-0039)\nBugtraq ID: 2083\n", "modified": "2000-12-07T00:00:00", "published": "2000-12-07T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:1686", "id": "OSVDB:1686", "type": "osvdb", "title": "Ipswitch IMail SMTP AUTH DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:31:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0039", "CVE-2001-0494"], "description": "A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level\n access to servers running IMail", "modified": "2019-03-04T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231010994", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010994", "type": "openvas", "title": "IPSwitch IMail SMTP Buffer Overflow", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl 13975 2019-03-04 09:32:08Z cfischer $\n#\n# IPSwitch IMail SMTP Buffer Overflow\n#\n# Authors:\n# Forrest Rae <forrest.rae@digitaldefense.net>\n# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>\n# Erik Anderson <eanders@carmichaelsecurity.com>\n# Added BugtraqID\n#\n# Copyright:\n# Copyright (C) 2002 Digital Defense, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ipswitch:imail_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10994\");\n script_version(\"$Revision: 13975 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-04 10:32:08 +0100 (Mon, 04 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2083, 2651);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2001-0039\", \"CVE-2001-0494\");\n script_name(\"IPSwitch IMail SMTP Buffer Overflow\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2002 Digital Defense, Inc.\");\n script_family(\"SMTP problems\");\n script_dependencies(\"gb_ipswitch_imail_server_detect.nasl\");\n script_mandatory_keys(\"Ipswitch/IMail/detected\");\n\n script_xref(name:\"URL\", value:\"http://ipswitch.com/support/IMail/patch-upgrades.html\");\n\n script_tag(name:\"impact\", value:\"If an attacker crafts a special buffer and sends it to a remote IMail SMTP server\n it is possible that an attacker can remotely execute code (commands) on the IMail system.\");\n\n script_tag(name:\"insight\", value:\"The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on\n various input data that gets passed to the IMail Mailing List handler code.\");\n\n script_tag(name:\"solution\", value:\"Download the latest patch from the linked references.\");\n\n script_tag(name:\"summary\", value:\"A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level\n access to servers running IMail's SMTP daemon (versions 6.06 and below).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit(0);\n\nif( version_is_less_equal( version:version, test_version:\"6.06\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"See references\" );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0039", "CVE-2001-0494"], "description": "A vulnerability exists within IMail that\nallows remote attackers to gain SYSTEM level\naccess to servers running IMail's SMTP\ndaemon (versions 6.06 and below). The\nvulnerability stems from the IMail SMTP daemon \nnot doing proper bounds checking on various input \ndata that gets passed to the IMail Mailing List \nhandler code. If an attacker crafts a special \nbuffer and sends it to a remote IMail SMTP server \nit is possible that an attacker can remotely execute \ncode (commands) on the IMail system.", "modified": "2017-05-01T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:10994", "href": "http://plugins.openvas.org/nasl.php?oid=10994", "type": "openvas", "title": "IPSwitch IMail SMTP Buffer Overflow", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl 6053 2017-05-01 09:02:51Z teissa $\n# Description: IPSwitch IMail SMTP Buffer Overflow\n#\n# Authors:\n# Forrest Rae <forrest.rae@digitaldefense.net>\n# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>\n# Erik Anderson <eanders@carmichaelsecurity.com>\n# Added BugtraqID\n#\n# Copyright:\n# Copyright (C) 2002 Digital Defense, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"A vulnerability exists within IMail that\nallows remote attackers to gain SYSTEM level\naccess to servers running IMail's SMTP\ndaemon (versions 6.06 and below). The\nvulnerability stems from the IMail SMTP daemon \nnot doing proper bounds checking on various input \ndata that gets passed to the IMail Mailing List \nhandler code. If an attacker crafts a special \nbuffer and sends it to a remote IMail SMTP server \nit is possible that an attacker can remotely execute \ncode (commands) on the IMail system.\";\n\ntag_solution = \"Download the latest patch from\nhttp://ipswitch.com/support/IMail/patch-upgrades.html\";\n\nif(description)\n{\n\tscript_id(10994);\n\tscript_version(\"$Revision: 6053 $\");\n\tscript_tag(name:\"last_modification\", value:\"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $\");\n\tscript_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n\tscript_bugtraq_id(2083, 2651);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\tscript_cve_id(\"CVE-2001-0039\",\"CVE-2001-0494\");\n\n \n \tname = \"IPSwitch IMail SMTP Buffer Overflow\";\n \tscript_name(name);\n \n \tsummary = \"IPSwitch IMail SMTP Buffer Overflow\";\n\tscript_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\tscript_copyright(\"This script is Copyright (C) 2002 Digital Defense, Inc.\");\n\tfamily = \"SMTP problems\";\n\tscript_family(family);\n\tscript_dependencies(\"find_service.nasl\");\n\tscript_require_ports(25);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n\texit(0);\n}\n\ndebug = 0;\nddidata = string(\"Not Applicable\");\nport = 25;\n\nif(get_port_state(port))\n{\n\tif(debug == 1) { display(\"Port \", port, \" is open.\\n\"); }\n\t\t\n\n\tsoc = open_sock_tcp(port);\n\tif(soc)\n\t{\n\t\tif(debug == 1)\n\t\t{\n\t\t\tdisplay(\"Socket is open.\\n\");\n\t\t}\n\t\t\n\t\tbanner = recv_line(socket:soc, length:4096);\n\t\t\n\t\tif(debug == 1)\n\t\t{\n\t\t\tdisplay(\"\\n---------Results from request ---------\\n\");\n\t\t\tdisplay(banner);\n\t\t\tdisplay(\"\\n---------End of Results from request ---------\\n\\n\");\n\t\t}\n\t\t \n\t\tif(\n\t\t egrep(pattern:\"IMail 6\\.0[1-6] \", string:banner) \t|| \n\t\t egrep(pattern:\"IMail 6\\.0 \", string:banner) \t\t||\n\t\t egrep(pattern:\"IMail [1-5]\\.\", string:banner)\n\t\t )\n\t\t{\n\t\t\tif(debug == 1)\n\t\t\t{\n\t\t\t\tdisplay(\"SMTP Server is Imail\\n\");\n\t\t\t}\n\t\t\n\t\t\tsecurity_message(port); \n\t\t\texit(0);\n\t\t}\n\n\t\tclose(soc);\n\t}\n\telse\n\t{\n\t\tif(debug == 1) { display(\"Error: Socket didn't open.\\n\"); }\n\t}\n}\n\n\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-04-01T00:53:56", "description": "A vulnerability exists within IMail that allows remote attackers to\ngain SYSTEM level access to servers running IMail's SMTP daemon\n(versions 6.06 and below). The vulnerability stems from the IMail\nSMTP daemon not doing proper bounds checking on various input data\nthat gets passed to the IMail Mailing List handler code. If an\nattacker crafts a special buffer and sends it to a remote IMail SMTP\nserver, it is possible that an attacker can remotely execute code\n(commands) on the IMail system.", "edition": 28, "published": "2002-06-05T00:00:00", "title": "IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0039", "CVE-2001-0494"], "modified": "2021-04-02T00:00:00", "cpe": [], "id": "DDI_IPSWITCH-IMAIL-SMTP-BUFFER-OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/10994", "sourceData": "#\n# This script is Copyright (C) Digital Defense Inc.\n# Author: Forrest Rae <forrest.rae@digitaldefense.net>\n#\n# Script audit and contributions from Carmichael Security\n# Erik Anderson <eanders@carmichaelsecurity.com> (nb: domain no longer exists)\n# Added BugtraqID\n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Revised description, added CVSS, updated severity (4/10/2009)\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n\tscript_id(10994);\n\tscript_version (\"1.23\");\n\n\tscript_cve_id(\"CVE-2001-0039\",\"CVE-2001-0494\");\n\tscript_bugtraq_id(2083, 2651);\n \n \tscript_name(english:\"IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)\");\n\tscript_summary(english:\"IPSwitch IMail SMTP Buffer Overflow\");\n \n\tscript_set_attribute(attribute:\"synopsis\", value:\n\"It may be possible to execute arbitrary commands on the remote\nsystem.\");\n\tscript_set_attribute(attribute:\"description\", value:\n\"A vulnerability exists within IMail that allows remote attackers to\ngain SYSTEM level access to servers running IMail's SMTP daemon\n(versions 6.06 and below). The vulnerability stems from the IMail\nSMTP daemon not doing proper bounds checking on various input data\nthat gets passed to the IMail Mailing List handler code. If an\nattacker crafts a special buffer and sends it to a remote IMail SMTP\nserver, it is possible that an attacker can remotely execute code\n(commands) on the IMail system.\" );\n\t# https://web.archive.org/web/20011109230429/http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html\n\tscript_set_attribute(attribute:\"see_also\",value:\n\"http://www.nessus.org/u?ff8d9b9d\" );\n\tscript_set_attribute(attribute:\"solution\", value:\n\"Apply vendor-supplied patches.\" );\n\tscript_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\tscript_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2002/06/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2000/12/07\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\tscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\tscript_end_attributes();\n\n\tscript_category(ACT_GATHER_INFO);\n\tscript_copyright(english:\"This script is Copyright (C) 2002-2016 Digital Defense, Inc.\");\n\tscript_family(english:\"SMTP problems\");\n\tscript_dependencie(\"find_service1.nasl\");\n\tscript_require_ports(25);\n\texit(0);\n}\n\ndebug = 0;\nddidata = string(\"Not Applicable\");\nport = 25;\n\nif(get_port_state(port))\n{\n\tif(debug == 1) { display(\"Port \", port, \" is open.\\n\"); }\n\t\t\n\n\tsoc = open_sock_tcp(port);\n\tif(soc)\n\t{\n\t\tif(debug == 1)\n\t\t{\n\t\t\tdisplay(\"Socket is open.\\n\");\n\t\t}\n\t\t\n\t\tbanner = recv_line(socket:soc, length:4096);\n\t\t\n\t\tif(debug == 1)\n\t\t{\n\t\t\tdisplay(\"\\n---------Results from request ---------\\n\");\n\t\t\tdisplay(banner);\n\t\t\tdisplay(\"\\n---------End of Results from request ---------\\n\\n\");\n\t\t}\n\t\t \n\t\tif(\n\t\t egrep(pattern:\"IMail 6\\.0[1-6] \", string:banner) \t|| \n\t\t egrep(pattern:\"IMail 6\\.0 \", string:banner) \t\t||\n\t\t egrep(pattern:\"IMail [1-5]\\.\", string:banner)\n\t\t )\n\t\t{\n\t\t\tif(debug == 1)\n\t\t\t{\n\t\t\t\tdisplay(\"SMTP Server is IMail\\n\");\n\t\t\t}\n\t\t\n\t\t\tsecurity_hole(port); \n\t\t\texit(0);\n\t\t}\n\n\t\tclose(soc);\n\t}\n\telse\n\t{\n\t\tif(debug == 1) { display(\"Error: Socket didn't open.\\n\"); }\n\t}\n}\n\n\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}