SAINT Corporation, SAINT:7F4B10A6F71152CC1E427DC6A3328659
Jul 27, 2007 - 12:00 a.m.

Ipswitch IMail Server IMAP SEARCH buffer overflow

2007-07-27 00:00:00
SAINT Corporation
my.saintcorporation.com
CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.974 High
Percentile: 99.9%

Added: 07/27/2007
CVE: CVE-2007-3925
BID: 24962
OSVDB: 36219

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SEARCH command.

Resolution

Upgrade to Ipswitch IMail Server version 2006.21.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563>

Limitations

Exploit works on Ipswitch IMail Server 2006.1. A valid IMAP login and password are required.

Platforms

Windows 2000
Windows Server 2003
