Lucene search

Manuel Santamarina SuarezZDI-06-003

HistoryMar 13, 2006 - 12:00 a.m.

Ipswitch Collaboration Suite Code Execution Vulnerability

2006-03-1300:00:00

Manuel Santamarina Suarez

www.zerodayinitiative.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.185 Low

EPSS

Percentile

96.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch Collaboration Suite. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow.

References

www.ipswitch.com/support/ics/updates/ics200603prem.asp

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.185 Low

EPSS

Percentile

96.2%

JSON

Related for ZDI-06-003