Lucene search

[email protected]CVE-2008-1497

HistoryMar 25, 2008 - 7:44 p.m.

CVE-2008-1497

2008-03-2519:44:00

CWE-119

[email protected]

web.nvd.nist.gov

netwin

surgemail

imap

buffer overflow

cve-2008-1497

security vulnerability

7.7 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.91 High

EPSS

Percentile

98.9%

JSON

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

Affected configurations

NVD

Node

netwinsurgemailMatch1.8g3

netwinsurgemailMatch1.9b2

netwinsurgemailMatch2.0a2

netwinsurgemailMatch2.0c

netwinsurgemailMatch2.0e

netwinsurgemailMatch2.0g2

netwinsurgemailMatch2.1c7

netwinsurgemailMatch2.2a6

netwinsurgemailMatch2.2c10

netwinsurgemailMatch2.2g2

netwinsurgemailMatch2.2g3

netwinsurgemailMatch3.0a

netwinsurgemailMatch3.0c2

netwinsurgemailMatch3.2e

netwinsurgemailMatch3.5a

netwinsurgemailMatch3.5b3

netwinsurgemailMatch3.6d

netwinsurgemailMatch3.6f3

netwinsurgemailMatch3.6f5

netwinsurgemailMatch3.6f7

netwinsurgemailMatch3.7b

netwinsurgemailMatch3.7b3

netwinsurgemailMatch3.7b5

netwinsurgemailMatch3.7b6

netwinsurgemailMatch3.7b7

netwinsurgemailMatch3.7b8

netwinsurgemailMatch3.8a

netwinsurgemailMatch3.8b

netwinsurgemailMatch3.8d

netwinsurgemailMatch3.8f

netwinsurgemailMatch3.8f2

netwinsurgemailMatch3.8f3

netwinsurgemailMatch3.8i

netwinsurgemailMatch3.8i2

netwinsurgemailMatch3.8i3

netwinsurgemailMatch3.8k

netwinsurgemailMatch3.8k2

netwinsurgemailMatch3.8k3

netwinsurgemailMatch3.8m

CPENameOperatorVersion
netwin:surgemailnetwin surgemaileq1.8g3
netwin:surgemailnetwin surgemaileq1.9b2
netwin:surgemailnetwin surgemaileq2.0a2
netwin:surgemailnetwin surgemaileq2.0c
netwin:surgemailnetwin surgemaileq2.0e
netwin:surgemailnetwin surgemaileq2.0g2
netwin:surgemailnetwin surgemaileq2.1c7
netwin:surgemailnetwin surgemaileq2.2a6
netwin:surgemailnetwin surgemaileq2.2c10
netwin:surgemailnetwin surgemaileq2.2g2

CPE	Name	Operator	Version
netwin:surgemail	netwin surgemail	eq	1.8g3
netwin:surgemail	netwin surgemail	eq	1.9b2
netwin:surgemail	netwin surgemail	eq	2.0a2
netwin:surgemail	netwin surgemail	eq	2.0c
netwin:surgemail	netwin surgemail	eq	2.0e
netwin:surgemail	netwin surgemail	eq	2.0g2
netwin:surgemail	netwin surgemail	eq	2.1c7
netwin:surgemail	netwin surgemail	eq	2.2a6
netwin:surgemail	netwin surgemail	eq	2.2c10
netwin:surgemail	netwin surgemail	eq	2.2g2

Rows per page:

1-10 of 391

References

secunia.com/advisories/29105

securityreason.com/securityalert/3774

www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07

www.netwinsite.com/surgemail/help/updates.htm

www.securityfocus.com/archive/1/489959/100/0/threaded

www.securityfocus.com/bid/28377

exchange.xforce.ibmcloud.com/vulnerabilities/41402

7.7 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.91 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2008-1497

nvd2 cvelist2 prion2 cve1