Source: SAINT Corporation
ID: SAINT:D6E769A5B9337880189FACBEA0196EFC
Published: Sep 29, 2006 - 12:00 a.m.

IMail SMTP RCPT TO buffer overflow

download.saintcorporation.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.962 High
Percentile: 99.5%

Added: 09/29/2006
CVE: CVE-2006-4379
BID: 19885
OSVDB: 28576

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a **RCPT TO** argument containing a long string between **@** and **:** characters.
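
A detection-side check for the pattern described above, as an added example that is not SAINT's or the vendor's code: it flags **RCPT TO** commands whose run between **@** and **:** is longer than any valid host name. The thresholds are the RFC 5321 size limits, used as an assumption because the page does not state the size of the vulnerable buffer; the function names and the sample transcript are constructed for illustration.

```python
import re

# RFC 5321 section 4.5.3.1 limits, used here as thresholds (an assumption:
# the page does not state the size of the vulnerable IMail buffer).
MAX_DOMAIN = 255         # octets in one domain name
MAX_COMMAND_LINE = 512   # octets in a command line, CRLF included

RCPT_RE = re.compile(rb"^\s*RCPT\s+TO\s*:\s*(.*)$", re.IGNORECASE)

def at_colon_runs(arg):
    """Yield each byte run lying between an '@' and the next ':'."""
    pos = 0
    while True:
        start = arg.find(b"@", pos)
        end = arg.find(b":", start + 1) if start >= 0 else -1
        if end < 0:
            return
        yield arg[start + 1:end]
        pos = end + 1

def check_line(line):
    """Return finding codes for one SMTP command line (CRLF stripped)."""
    m = RCPT_RE.match(line)
    if not m:
        return []
    findings = []
    if len(line) + 2 > MAX_COMMAND_LINE:
        findings.append("LINE_TOO_LONG")
    for run in at_colon_runs(m.group(1)):
        # A source route may list several hosts: "@a,@b:user@c".
        hosts = [h.lstrip(b"@") for h in run.split(b",")]
        if max(len(h) for h in hosts) > MAX_DOMAIN:
            findings.append("AT_COLON_RUN_TOO_LONG")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    hits = [(n, check_line(l.rstrip(b"\r\n"))) for n, l in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

# Constructed sample transcript (client commands only), not captured traffic.
SAMPLE = [
    b"MAIL FROM:<sender@example.org>\r\n",
    b"RCPT TO:<alice@example.com>\r\n",
    b"RCPT TO:<@relay.example.net:bob@example.com>\r\n",
    b"RCPT TO:<@" + b"A" * 300 + b":carol@example.com>\r\n",
    b"RCPT TO:<@" + b"A" * 600 + b":dave@example.com>\r\n",
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE):
        print(lineno, findings)
```

The same length test can be applied at a mail gateway or in log review to surface attempts against servers that have not yet been upgraded.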

Resolution

Upgrade to IMail 2006.1 or higher.

References

<http://www.securityfocus.com/archive/1/445521>

Limitations

Exploit works with IMail Server 8.10. Exploitation requires that the server have a fixed IP address. Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.

Platforms

Windows 2000
Windows Server 2003
