SAINT Corporation, SAINT:70EE21F7CFB7A9EF3658057B5573984F
Aug 02, 2007 - 12:00 a.m.

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

2007-08-02 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.152 Low
Percentile: 95.9%

Added: 08/02/2007
CVE: CVE-2007-3927
BID: 24962
OSVDB: 36222

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command.

Resolution

Upgrade to Ipswitch IMail Server version 2006.21.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-043.html>

Limitations

Exploit works on Ipswitch IMail 2006.2 and requires a valid IMAP login and password.

Platforms

Windows 2000
Windows Server 2003
