Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2002 Digital Defense Inc.OPENVAS:136141256231010994
HistoryNov 03, 2005 - 12:00 a.m.

IPSwitch IMail SMTP Buffer Overflow

2005-11-0300:00:00
Copyright (C) 2002 Digital Defense Inc.
plugins.openvas.org
13

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.1%

JSON

A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level
access to servers running IMail

# SPDX-FileCopyrightText: 2002 Digital Defense Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:ipswitch:imail_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10994");
  script_version("2023-07-07T05:05:26+0000");
  script_tag(name:"last_modification", value:"2023-07-07 05:05:26 +0000 (Fri, 07 Jul 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2001-0039", "CVE-2001-0494");
  script_name("IPSwitch IMail SMTP Buffer Overflow");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2002 Digital Defense Inc.");
  script_family("SMTP problems");
  script_dependencies("gb_ipswitch_imail_server_detect.nasl");
  script_mandatory_keys("Ipswitch/IMail/detected");

  script_xref(name:"URL", value:"http://ipswitch.com/support/IMail/patch-upgrades.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/2083");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/2651");

  script_tag(name:"impact", value:"If an attacker crafts a special buffer and sends it to a remote IMail SMTP server
  it is possible that an attacker can remotely execute code (commands) on the IMail system.");

  script_tag(name:"insight", value:"The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on
  various input data that gets passed to the IMail Mailing List handler code.");

  script_tag(name:"solution", value:"Download the latest patch from the linked references.");

  script_tag(name:"summary", value:"A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level
  access to servers running IMail's SMTP daemon (versions 6.06 and below).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit(0);

if( version_is_less_equal( version:version, test_version:"6.06" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"See references" );
  security_message( port:0, data:report );
  exit( 0 );
}

exit( 99 );

Related

nessus 1
openvas 1
cve 2
nessus
nessus
IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)
2002-06-05 00:00:00
openvas
openvas
IPSwitch IMail SMTP Buffer Overflow
2005-11-03 00:00:00
cve
cve
CVE-2001-0039
2001-02-16 05:00:00
CVE-2001-0494
2001-06-27 04:00:00

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.1%

JSON
Related for OPENVAS:136141256231010994
nessus1openvas1cve2