SAINT Corporation
SAINT:60DA19F8A4A0433A387EA78813EBFEC9
Jul 27, 2007 - 12:00 a.m.

Ipswitch IMail Server IMAP SEARCH buffer overflow

download.saintcorporation.com

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.975 High
Percentile: 99.9%

Added: 07/27/2007
CVE: CVE-2007-3925
BID: 24962
OSVDB: 36219

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SEARCH command.

Resolution

Upgrade to Ipswitch IMail Server version 2006.21.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563>

Limitations

Exploit works on Ipswitch IMail Server 2006.1. A valid IMAP login and password are required.

Platforms

Windows 2000
Windows Server 2003
