SAINT Corporation
SAINT:0E0FA72FC76966BD8AFF956C95B7F1C2
Mar 15, 2006 - 12:00 a.m.

IMail IMAP FETCH command buffer overflow

download.saintcorporation.com

CVSS2: 6.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.185 Low
Percentile: 95.7%

Added: 03/15/2006
CVE: CVE-2005-3526
BID: 17063
OSVDB: 23796

Background

IMail is a mail server for Windows including SMTP, IMAP, and LDAP services.

Problem

A buffer overflow vulnerability in IMail allows remote authenticated attackers to execute arbitrary commands by sending a specially crafted **FETCH** command to the IMAP service.

Resolution

Upgrade to IMail 2006.03 or higher.

References

<http://secunia.com/advisories/19168/>

Limitations

Exploit works on IMail Server 2006(02a). At least one message must exist in the user’s inbox in order for the exploit to succeed.

Platforms

Windows 2000
Windows XP
