Search criteria
160 vulnerabilities found for imail by ipswitch
VAR-200102-0075
Vulnerability from variot - Updated: 2024-07-23 21:48IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary January 1, 2001 Volume 6 Number 2
The following computer security issues have been publicly reported and documented in the X-Force Vulnerability and Threat Database (http://xforce.iss.net).
This document is available at http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert Summaries: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: - - 'subscribe alert' (without the quotes).
Contents
115 Reported Vulnerabilities
Risk Factor Key
Date Reported: 12/31/00 Vulnerability: exmh-error-symlink Platforms Affected: exmh 2.2 and earlier Risk Factor: High Attack Type: Host Based Brief Description: exmh error message symlink X-Force URL: http://xforce.iss.net/static/5829.php
Date Reported: 12/30/00 Vulnerability: informix-webdriver-symlink Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Host Based Brief Description: Informix Webdriver symbolic link X-Force URL: http://xforce.iss.net/static/5827.php
Date Reported: 12/30/00 Vulnerability: informix-webdriver-admin-access Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Network Based Brief Description: Informix Webdriver remote Admin access X-Force URL: http://xforce.iss.net/static/5833.php
Date Reported: 12/29/00 Vulnerability: zonealarm-mutex-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial of service X-Force URL: http://xforce.iss.net/static/5821.php
Date Reported: 12/29/00 Vulnerability: zonealarm-batfile-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with a batch file X-Force URL: http://xforce.iss.net/static/5822.php
Date Reported: 12/29/00 Vulnerability: shockwave-flash-swf-bo Platforms Affected: Shockwave Plugin 8.0 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Shockwave Flash SWF file buffer overflow X-Force URL: http://xforce.iss.net/static/5826.php
Date Reported: 12/29/00 Vulnerability: macos-multiple-users Platforms Affected: MacOS 9.0 Risk Factor: High Attack Type: Host Based Brief Description: Mac OS 'Multiple Users' bypass password X-Force URL: http://xforce.iss.net/static/5830.php
Date Reported: 12/28/00 Vulnerability: http-cgi-ikonboard Platforms Affected: Ikonboard 2.1.7b and prior Risk Factor: High Attack Type: Host Based Brief Description: Ikonboard allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5819.php
Date Reported: 12/27/00 Vulnerability: http-cgi-technote-main Platforms Affected: TECH-NOTE (000, 2001, Pro) Risk Factor: High Attack Type: Network Based Brief Description: TECH-NOTE main.cgi reveals files X-Force URL: http://xforce.iss.net/static/5813.php
Date Reported: 12/26/00 Vulnerability: xwindows-char-dos Platforms Affected: XFree86 Risk Factor: Low Attack Type: Network/Host Based Brief Description: X Windows multiple character denial of service X-Force URL: http://xforce.iss.net/static/5834.php
Date Reported: 12/25/00 Vulnerability: 1stup-mail-server-bo Platforms Affected: 1st Up Mail Server 4.1 Risk Factor: Medium Attack Type: Network Based Brief Description: 1st Up Mail Server buffer overflow X-Force URL: http://xforce.iss.net/static/5808.php
Date Reported: 12/25/00 Vulnerability: dialog-symlink Platforms Affected: Linux Debian 2.2 Risk Factor: High Attack Type: Host Based Brief Description: Linux dialog package symlink attack X-Force URL: http://xforce.iss.net/static/5809.php
Date Reported: 12/25/00 Vulnerability: ibm-wcs-admin Platforms Affected: IBM Websphere Commerce Suite Risk Factor: High Attack Type: Host Based Brief Description: IBM WCS admin.config allows user to execute arbitrary commands X-Force URL: http://xforce.iss.net/static/5831.php
Date Reported: 12/23/00 Vulnerability: http-cgi-technote-print Platforms Affected: TECH-NOTE (2000, 2001, Pro) Risk Factor: Medium Attack Type: Network Based Brief Description: TECH-NOTE print.cgi reveals files X-Force URL: http://xforce.iss.net/static/5815.php
Date Reported: 12/22/00 Vulnerability: iis-web-form-submit Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IIS Web form submission X-Force URL: http://xforce.iss.net/static/5823.php
Date Reported: 12/21/00 Vulnerability: hpux-kermit-bo Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX kermit buffer overflow X-Force URL: http://xforce.iss.net/static/5793.php
Date Reported: 12/21/00 Vulnerability: bsguest-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bsguest.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5796.php
Date Reported: 12/21/00 Vulnerability: bslist-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bslist.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5797.php
Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php
Date Reported: 12/21/00 Vulnerability: oracle-execute-plsql Platforms Affected: Oracle Application Server Risk Factor: Medium Attack Type: Network Based Brief Description: Oracle remote procedure execution X-Force URL: http://xforce.iss.net/static/5817.php
Date Reported: 12/21/00 Vulnerability: ksh-redirection-symlink Platforms Affected: IRIX (6.2, 6.5.x) Solaris (2.5.1, 2.6, 7) HPUX 9.00 Digital Unix 5.0 Risk Factor: High Attack Type: Host Based Brief Description: ksh redirection symlink attack X-Force URL: http://xforce.iss.net/static/5811.php
Date Reported: 12/21/00 Vulnerability: oracle-webdb-admin-access Platforms Affected: Oracle Internet Application Server 3.0.7 Risk Factor: High Attack Type: Network/Host Based Brief Description: Oracle IAS allows administrative access X-Force URL: http://xforce.iss.net/static/5818.php
Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Web Scan Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php
Date Reported: 12/20/00 Vulnerability: gnupg-detached-sig-modify Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG allows users to modify signed messages with detached signatures X-Force URL: http://xforce.iss.net/static/5802.php
Date Reported: 12/20/00 Vulnerability: gnupg-reveal-private Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG will import private keys along with public keys X-Force URL: http://xforce.iss.net/static/5803.php
Date Reported: 12/20/00 Vulnerability: zonealarm-nmap-scans Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm does not detect NMAP scans X-Force URL: http://xforce.iss.net/static/5799.php
Date Reported: 12/20/00 Vulnerability: zonealarm-open-shares Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm open shares X-Force URL: http://xforce.iss.net/static/5825.php
Date Reported: 12/19/00 Vulnerability: win2k-index-service-activex Platforms Affected: Windows 2000 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Windows 2000 Index Service ActiveX controls allow unauthorized access to file information X-Force URL: http://xforce.iss.net/static/5800.php
Date Reported: 12/19/00 Vulnerability: proftpd-size-memory-leak Platforms Affected: Proftpd Risk Factor: Low Attack Type: Network/Host Based Brief Description: proftpd memory leak when using SIZE command X-Force URL: http://xforce.iss.net/static/5801.php
Date Reported: 12/19/00 Vulnerability: weblogic-dot-bo Platforms Affected: WebLogic Risk Factor: Medium Attack Type: Network Based Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow X-Force URL: http://xforce.iss.net/static/5782.php
Date Reported: 12/19/00 Vulnerability: mdaemon-imap-dos Platforms Affected: MDaemon Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MDaemon IMAP buffer overflow denial of service X-Force URL: http://xforce.iss.net/static/5805.php
Date Reported: 12/19/00 Vulnerability: zope-calculate-roles Platforms Affected: Zp[e Risk Factor: High Attack Type: Host Based Brief Description: zope package in Linux calculates local roles incorrectly X-Force URL: http://xforce.iss.net/static/5777.php
Date Reported: 12/19/00 Vulnerability: itetris-svgalib-path Platforms Affected: svgalib Risk Factor: High Attack Type: Host Based Brief Description: Itetris svgalib PATH X-Force URL: http://xforce.iss.net/static/5795.php
Date Reported: 12/18/00 Vulnerability: bsd-ftpd-replydirname-bo Platforms Affected: BSD Based Operating Systems Risk Factor: High Attack Type: Network Based Brief Description: BSD ftpd replydirname() function buffer overflow X-Force URL: http://xforce.iss.net/static/5776.php
Date Reported: 12/18/00 Vulnerability: sonata-command-execute Platforms Affected: Sonata Risk Factor: High Attack Type: Host Based Brief Description: Sonata argument command line execution X-Force URL: http://xforce.iss.net/static/5787.php
Date Reported: 12/18/00 Vulnerability: solaris-catman-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris catman command symlink attack X-Force URL: http://xforce.iss.net/static/5788.php
Date Reported: 12/18/00 Vulnerability: solaris-patchadd-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris patchadd symlink attack X-Force URL: http://xforce.iss.net/static/5789.php
Date Reported: 12/18/00 Vulnerability: stunnel-format-logfile Platforms Affected: Stunnel Risk Factor: High Attack Type: Network Based Brief Description: Stunnel format allows user to write to logfile X-Force URL: http://xforce.iss.net/static/5807.php
Date Reported: 12/17/00 Vulnerability: hp-top-sys-files Platforms Affected: HPUX Risk Factor: Low Attack Type: Host Based Brief Description: HP-UX top command could be used to overwrite files X-Force URL: http://xforce.iss.net/static/5773.php
Date Reported: 12/16/00 Vulnerability: zope-legacy-names Platforms Affected: Zope Risk Factor: Medium Attack Type: Network Based Brief Description: Linux zope package "legacy" names X-Force URL: http://xforce.iss.net/static/5824.php
Date Reported: 12/15/00 Vulnerability: mrj-runtime-malicious-applets Platforms Affected: MRJ Risk Factor: Low Attack Type: Host Based Brief Description: MRJ runtime environment could allow malicious applets to be executed X-Force URL: http://xforce.iss.net/static/5784.php
Date Reported: 12/14/00 Vulnerability: coffeecup-ftp-weak-encryption Platforms Affected: CoffeeCup FTP Risk Factor: Low Attack Type: Host Based Brief Description: CoffeeCup FTP client has weak password encryption X-Force URL: http://xforce.iss.net/static/5744.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-fragmented-packets Platforms Affected: WatchGuard Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall fragmented IP packet attack X-Force URL: http://xforce.iss.net/static/5749.php
Date Reported: 12/14/00 Vulnerability: jpilot-perms Platforms Affected: J-Pilot Risk Factor: Medium Attack Type: Host Based Brief Description: J-Pilot permissions could reveal sensitive information X-Force URL: http://xforce.iss.net/static/5762.php
Date Reported: 12/14/00 Vulnerability: mediaservices-dropped-connection-dos Platforms Affected: Microsoft Media Services Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft Media Services dropped connection denial of service X-Force URL: http://xforce.iss.net/static/5785.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-web-auth Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO Web config server could allow unauthenticated access X-Force URL: http://xforce.iss.net/static/5554.php
Date Reported: 12/14/00 Vulnerability: watchguard-soho-passcfg-reset Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO administrator password can be remotely reset X-Force URL: http://xforce.iss.net/static/5742.php
Date Reported: 12/14/00 Vulnerability: http-cgi-simplestguest Platforms Affected: simplestguest.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestguest.cgi input validation error X-Force URL: http://xforce.iss.net/static/5743.php
Date Reported: 12/14/00 Vulnerability: safeword-palm-pin-extraction Platforms Affected: SafeWord e.iD Palm Authenticator Risk Factor: High Attack Type: Network/Host Based Brief Description: SafeWord and e.iD Palm Authenticator allows attacker to clone Palm device X-Force URL: http://xforce.iss.net/static/5753.php
Date Reported: 12/14/00 Vulnerability: mdaemon-lock-bypass-password Platforms Affected: MDaemon Risk Factor: High Attack Type: Host Based Brief Description: MDaemon "lock" bypass password X-Force URL: http://xforce.iss.net/static/5763.php
Date Reported: 12/13/00 Vulnerability: cisco-catalyst-ssh-mismatch Platforms Affected: Cisco Catalyst Risk Factor: Low Attack Type: Network Based Brief Description: Cisco Catalyst SSH protocol mismatch X-Force URL: http://xforce.iss.net/static/5760.php
Date Reported: 12/13/00 Vulnerability: microsoft-iis-file-disclosure Platforms Affected: IIS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft IIS Far East editions file disclosure X-Force URL: http://xforce.iss.net/static/5729.php
Date Reported: 12/13/00 Vulnerability: ezshopper-cgi-file-disclosure Platforms Affected: loadpage.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: EZshopper loadpage.cgi file disclosure X-Force URL: http://xforce.iss.net/static/5740.php
Date Reported: 12/13/00 Vulnerability: winnt-mstask-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows NT MSTask.exe denial of service X-Force URL: http://xforce.iss.net/static/5746.php
Date Reported: 12/13/00 Vulnerability: bftpd-site-chown-bo Platforms Affected: BFTPD Risk Factor: High Attack Type: Network Based Brief Description: BFTPD SITE CHOWN buffer overflow X-Force URL: http://xforce.iss.net/static/5775.php
Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php
Date Reported: 12/12/00 Vulnerability: subscribemelite-gain-admin-access Platforms Affected: Subscribe Me Lite Risk Factor: Medium Attack Type: Network Based Brief Description: Subscribe Me Lite mailing list manager unauthorized access X-Force URL: http://xforce.iss.net/static/5735.php
Date Reported: 12/12/00 Vulnerability: zope-image-file Platforms Affected: Zope Risk Factor: Medium Attack Type: Host Based Brief Description: Linux zope package Image and File objects X-Force URL: http://xforce.iss.net/static/5778.php
Date Reported: 12/12/00 Vulnerability: http-cgi-everythingform Platforms Affected: everythingform.cgi Risk Factor: High Attack Type: Network Based Brief Description: everythingform.cgi input validation error X-Force URL: http://xforce.iss.net/static/5736.php
Date Reported: 12/12/00 Vulnerability: http-cgi-simplestmail Platforms Affected: simplestmail.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestmail.cgi input validation error X-Force URL: http://xforce.iss.net/static/5739.php
Date Reported: 12/12/00 Vulnerability: http-cgi-ad Platforms Affected: ad.cgi Risk Factor: High Attack Type: Network Based Brief Description: ad.cgi input validation error X-Force URL: http://xforce.iss.net/static/5741.php
Date Reported: 12/12/00 Vulnerability: kde-kmail-weak-encryption Platforms Affected: KDE KMail Risk Factor: High Attack Type: Network/Host Based Brief Description: KDE KMail weak password encryption X-Force URL: http://xforce.iss.net/static/5761.php
Date Reported: 12/12/00 Vulnerability: aolim-buddyicon-bo Platforms Affected: AOL Instant Messenger Risk Factor: High Attack Type: Network/Host Based Brief Description: AOL Instant Messenger Buddy Icon buffer overflow X-Force URL: http://xforce.iss.net/static/5786.php
Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php
Date Reported: 12/11/00 Vulnerability: rppppoe-zero-length-dos Platforms Affected: rp-pppoe Risk Factor: Medium Attack Type: Network Based Brief Description: rp-pppoe "zero-length" option denial of service X-Force URL: http://xforce.iss.net/static/5727.php
Date Reported: 12/11/00 Vulnerability: proftpd-modsqlpw-unauth-access Platforms Affected: ProFTPd Risk Factor: Medium Attack Type: Network Based Brief Description: ProFTPD system using mod_sqlpw unauthorized access X-Force URL: http://xforce.iss.net/static/5737.php
Date Reported: 12/11/00 Vulnerability: gnu-ed-symlink Platforms Affected: GNU ed Risk Factor: High Attack Type: Host Based Brief Description: GNU ed symlink X-Force URL: http://xforce.iss.net/static/5723.php
Date Reported: 12/11/00 Vulnerability: oops-ftputils-bo Platforms Affected: Oops Proxy Server Risk Factor: High Attack Type: Network/Host Based Brief Description: Oops Proxy Server ftp_utils buffer overflow X-Force URL: http://xforce.iss.net/static/5725.php
Date Reported: 12/11/00 Vulnerability: oracle-oidldap-write-permission Platforms Affected: Oracle Internet Directory Risk Factor: High Attack Type: Host Based Brief Description: Oracle Internet Directory write permission X-Force URL: http://xforce.iss.net/static/5804.php
Date Reported: 12/9/00 Vulnerability: foolproof-security-bypass Platforms Affected: FoolProof Risk Factor: High Attack Type: Host Based Brief Description: FoolProof Security restriction bypass using FTP X-Force URL: http://xforce.iss.net/static/5758.php
Date Reported: 12/8/00 Vulnerability: broadvision-bv1to1-reveal-path Platforms Affected: BroadVision One-To-One Enterprise Server Risk Factor: Low Attack Type: Network Based Brief Description: BroadVision One-To-One Enterprise Server reveals path to server X-Force URL: http://xforce.iss.net/static/5661.php
Date Reported: 12/8/00 Vulnerability: ssldump-format-strings Platforms Affected: ssldump Risk Factor: Medium Attack Type: Network Based Brief Description: ssldump format string could allow arbitrary execution of code X-Force URL: http://xforce.iss.net/static/5717.php
Date Reported: 12/8/00 Vulnerability: coldfusion-sample-dos Platforms Affected: ColdFusion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ColdFusion sample script denial of service X-Force URL: http://xforce.iss.net/static/5755.php
Date Reported: 12/8/00 Vulnerability: kerberos4-arbitrary-proxy Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 arbitrary proxy enviornment variable X-Force URL: http://xforce.iss.net/static/5733.php
Date Reported: 12/8/00 Vulnerability: kerberos4-auth-packet-overflow Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 authentication packet buffer overflow X-Force URL: http://xforce.iss.net/static/5734.php
Date Reported: 12/8/00 Vulnerability: kerberos4-user-config Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 user supplied configuration files X-Force URL: http://xforce.iss.net/static/5738.php
Date Reported: 12/8/00 Vulnerability: kerberos4-tmpfile-dos Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 race condition X-Force URL: http://xforce.iss.net/static/5754.php
Date Reported: 12/7/00 Vulnerability: homeseer-directory-traversal Platforms Affected: HomeSeer Risk Factor: Low Attack Type: Network Based Brief Description: HomeSeer allows directory traversal X-Force URL: http://xforce.iss.net/static/5663.php
Date Reported: 12/7/00 Vulnerability: offline-explorer-reveal-files Platforms Affected: MetaProducts Offline Explorer Risk Factor: Low Attack Type: Network/Host Based Brief Description: MetaProducts Offline Explorer can reveal file system X-Force URL: http://xforce.iss.net/static/5728.php
Date Reported: 12/7/00 Vulnerability: imail-smtp-auth-dos Platforms Affected: IMail Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IMail SMTP auth denial of service X-Force URL: http://xforce.iss.net/static/5674.php
Date Reported: 12/6/00 Vulnerability: apc-apcupsd-dos Platforms Affected: APC apcupsd Risk Factor: Medium Attack Type: Host Based Brief Description: APC apcupsd denial of service X-Force URL: http://xforce.iss.net/static/5654.php
Date Reported: 12/6/00 Vulnerability: cisco-catalyst-telnet-dos Platforms Affected: Cisco Catalyst Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco Catalyst telnet server memory leak denial of service X-Force URL: http://xforce.iss.net/static/5656.php
Date Reported: 12/6/00 Vulnerability: apache-php-disclose-files Platforms Affected: Apache Web server Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Apache Web server discloses files when used with php script X-Force URL: http://xforce.iss.net/static/5659.php
Date Reported: 12/6/00 Vulnerability: ultraseek-reveal-path Platforms Affected: Ultraseek Risk Factor: Medium Attack Type: Network Based Brief Description: Ultraseek Server can reveal the path and source code to certain files X-Force URL: http://xforce.iss.net/static/5660.php
Date Reported: 12/6/00 Vulnerability: irc-dreamforge-dns-dos Platforms Affected: DreamForge IRCd Risk Factor: Medium Attack Type: Network Based Brief Description: DreamForge IRCd DNS denial of service X-Force URL: http://xforce.iss.net/static/5721.php
Date Reported: 12/6/00 Vulnerability: mailman-alternate-templates Platforms Affected: MailMan Risk Factor: High Attack Type: Network Based Brief Description: MailMan Alternate Templates form variable allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5649.php
Date Reported: 12/6/00 Vulnerability: phpgroupware-include-files Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Description: phpGroupWare include files allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5650.php
Date Reported: 12/6/00 Vulnerability: markvision-printer-driver-bo Platforms Affected: Lexmark MarkVision Risk Factor: High Attack Type: Host Based Brief Description: Lexmark MarkVision printer drivers for Unix buffer overflows X-Force URL: http://xforce.iss.net/static/5651.php
Date Reported: 12/6/00 Vulnerability: nt-ras-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Host Based Brief Description: Windows NT RAS registry permissions X-Force URL: http://xforce.iss.net/static/5671.php
Date Reported: 12/6/00 Vulnerability: nt-snmp-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT SNMP registry permissions X-Force URL: http://xforce.iss.net/static/5672.php
Date Reported: 12/6/00 Vulnerability: nt-mts-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT MTS registry permissions X-Force URL: http://xforce.iss.net/static/5673.php
Date Reported: 12/6/00 Vulnerability: irc-bitchx-dns-bo Platforms Affected: BitchX Risk Factor: High Attack Type: Network Based Brief Description: BitchX IRC DNS buffer overflow X-Force URL: http://xforce.iss.net/static/5701.php
Date Reported: 12/5/00 Vulnerability: ibm-db2-gain-access Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database can give access through default username and password X-Force URL: http://xforce.iss.net/static/5662.php
Date Reported: 12/5/00 Vulnerability: ibm-db2-dos Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database denial of service X-Force URL: http://xforce.iss.net/static/5664.php
Date Reported: 12/5/00 Vulnerability: vsu-source-routing Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain source routing X-Force URL: http://xforce.iss.net/static/5667.php
Date Reported: 12/5/00 Vulnerability: vsu-ip-bridging Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain bridging code X-Force URL: http://xforce.iss.net/static/5670.php
Date Reported: 12/5/00 Vulnerability: ftp-servu-homedir-travers Platforms Affected: Serv-U FTP Risk Factor: High Attack Type: Network/Host Based Brief Description: FTP Serv-U home directory traversal could allow access to FTProot X-Force URL: http://xforce.iss.net/static/5639.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-web-access Platforms Affected: CISCO CBOS Risk Factor: Medium Attack Type: Network Based Brief Description: Cisco CBOS Web access enabled denial of service X-Force URL: http://xforce.iss.net/static/5626.php
Date Reported: 12/4/00 Vulnerability: watchguard-soho-get-dos Platforms Affected: WatchGuard SOHO Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall multiple GET requests denial of service X-Force URL: http://xforce.iss.net/static/5665.php
Date Reported: 12/4/00 Vulnerability: phone-book-service-bo Platforms Affected: Windows 2000 Windows NT Risk Factor: High Attack Type: Network Based Brief Description: Windows NT and 2000 Phone Book service buffer overflow X-Force URL: http://xforce.iss.net/static/5623.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-syn-packets Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS SYN packets denial of service X-Force URL: http://xforce.iss.net/static/5627.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-invalid-login Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS does not log invalid logins X-Force URL: http://xforce.iss.net/static/5628.php
Date Reported: 12/4/00 Vulnerability: cisco-cbos-icmp-echo Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS large ICMP ECHO packet denial of service X-Force URL: http://xforce.iss.net/static/5629.php
Date Reported: 12/2/00 Vulnerability: phpweblog-bypass-authentication Platforms Affected: phpWebLog Risk Factor: High Attack Type: Host Based Brief Description: phpWebLog allows users to bypass authentication X-Force URL: http://xforce.iss.net/static/5625.php
Date Reported: 12/1/00 Vulnerability: linux-diskcheck-race-symlink Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux diskcheck race condition could allow a tmp file symbolic link attack X-Force URL: http://xforce.iss.net/static/5624.php
Date Reported: 12/1/00 Vulnerability: ie-form-file-upload Platforms Affected: Microsoft Internet Explorer Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Internet Explorer file upload form X-Force URL: http://xforce.iss.net/static/5615.php
Date Reported: 12/1/00 Vulnerability: mssql-xp-paraminfo-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow X-Force URL: http://xforce.iss.net/static/5622.php
Date Reported: 12/1/00 Vulnerability: majordomo-auth-execute-commands Platforms Affected: Majordomo Risk Factor: High Attack Type: Network Based Brief Description: Majordomo allows administrative access without password X-Force URL: http://xforce.iss.net/static/5611.php
Date Reported: 12/1/00 Vulnerability: ie-print-template Platforms Affected: Microsoft Internet Explorer Risk Factor: High Attack Type: Network/Host Based Brief Description: Internet Explorer print template X-Force URL: http://xforce.iss.net/static/5614.php
Date Reported: 12/1/00 Vulnerability: aix-piobe-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX piobe buffer overflow X-Force URL: http://xforce.iss.net/static/5616.php
Date Reported: 12/1/00 Vulnerability: aix-pioout-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX pioout buffer overflow X-Force URL: http://xforce.iss.net/static/5617.php
Date Reported: 12/1/00 Vulnerability: aix-setclock-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setclock buffer overflow X-Force URL: http://xforce.iss.net/static/5618.php
Date Reported: 12/1/00 Vulnerability: aix-enq-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX enq buffer overflow X-Force URL: http://xforce.iss.net/static/5619.php
Date Reported: 12/1/00 Vulnerability: aix-digest-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX digest buffer overflow X-Force URL: http://xforce.iss.net/static/5620.php
Date Reported: 12/1/00 Vulnerability: aix-setsenv-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setsenv buffer overflow X-Force URL: http://xforce.iss.net/static/5621.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes).
About Internet Security Systems (ISS) Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0 LLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL r21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw jbM10AXVSHw= =5U+8 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200102-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "ibm",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"cve": "CVE-2001-0039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-2861",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0039",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#610904",
"trust": 0.8,
"value": "3.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#739201",
"trust": 0.8,
"value": "7.09"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#808633",
"trust": 0.8,
"value": "5.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#872257",
"trust": 0.8,
"value": "7.09"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#886953",
"trust": 0.8,
"value": "15.19"
},
{
"author": "CNNVD",
"id": "CNNVD-200102-106",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-2861",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#872257"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "VULHUB",
"id": "VHN-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nJanuary 1, 2001\nVolume 6 Number 2\n\nThe following computer security issues have been publicly reported and \ndocumented in the X-Force Vulnerability and Threat Database\n(http://xforce.iss.net). \n\nThis document is available at\nhttp://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert\nSummaries:\n- - Subscribe to the Alert mailing list from \nhttp://xforce.iss.net/maillists/index.php\n- -\tOr send an email to majordomo@iss.net, and within the body of the\nmessage type: \n- -\t\u0027subscribe alert\u0027 (without the quotes). \n_____\n\nContents\n\n115 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported: 12/31/00\nVulnerability: exmh-error-symlink\nPlatforms Affected: exmh 2.2 and earlier\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: exmh error message symlink\nX-Force URL: http://xforce.iss.net/static/5829.php\n\n_____\n\nDate Reported: 12/30/00\nVulnerability: informix-webdriver-symlink\nPlatforms Affected: Informix Webdriver\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Informix Webdriver symbolic link\nX-Force URL: http://xforce.iss.net/static/5827.php\n\n_____\n\nDate Reported: 12/30/00\nVulnerability: informix-webdriver-admin-access\nPlatforms Affected: Informix Webdriver\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Informix Webdriver remote Admin access\nX-Force URL: http://xforce.iss.net/static/5833.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: zonealarm-mutex-dos\nPlatforms Affected: ZoneAlarm Pro\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial\nof service\nX-Force URL: http://xforce.iss.net/static/5821.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: zonealarm-batfile-dos\nPlatforms Affected: ZoneAlarm Pro\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with\na batch file\nX-Force URL: http://xforce.iss.net/static/5822.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: shockwave-flash-swf-bo\nPlatforms Affected: Shockwave Plugin 8.0 and prior\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Shockwave Flash SWF file buffer overflow\nX-Force URL: http://xforce.iss.net/static/5826.php\n\n_____\n\nDate Reported: 12/29/00\nVulnerability: macos-multiple-users\nPlatforms Affected: MacOS 9.0\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Mac OS \u0027Multiple Users\u0027 bypass password\nX-Force URL: http://xforce.iss.net/static/5830.php\n\n_____\n\nDate Reported: 12/28/00\nVulnerability: http-cgi-ikonboard\nPlatforms Affected: Ikonboard 2.1.7b and prior\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Ikonboard allows remote attacker to execute\ncommands\nX-Force URL: http://xforce.iss.net/static/5819.php\n\n_____\n\nDate Reported: 12/27/00\nVulnerability: http-cgi-technote-main\nPlatforms Affected: TECH-NOTE (000, 2001, Pro)\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: TECH-NOTE main.cgi reveals files\nX-Force URL: http://xforce.iss.net/static/5813.php\n\n_____\n\nDate Reported: 12/26/00\nVulnerability: xwindows-char-dos\nPlatforms Affected: XFree86\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: X Windows multiple character denial of service\nX-Force URL: http://xforce.iss.net/static/5834.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: 1stup-mail-server-bo\nPlatforms Affected: 1st Up Mail Server 4.1\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: 1st Up Mail Server buffer overflow\nX-Force URL: http://xforce.iss.net/static/5808.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: dialog-symlink\nPlatforms Affected: Linux Debian 2.2\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Linux dialog package symlink attack\nX-Force URL: http://xforce.iss.net/static/5809.php\n\n_____\n\nDate Reported: 12/25/00\nVulnerability: ibm-wcs-admin\nPlatforms Affected: IBM Websphere Commerce Suite\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: IBM WCS admin.config allows user to execute\narbitrary commands\nX-Force URL: http://xforce.iss.net/static/5831.php\n\n_____\n\nDate Reported: 12/23/00\nVulnerability: http-cgi-technote-print\nPlatforms Affected: TECH-NOTE (2000, 2001, Pro)\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: TECH-NOTE print.cgi reveals files\nX-Force URL: http://xforce.iss.net/static/5815.php\n\n_____\n\nDate Reported: 12/22/00\nVulnerability: iis-web-form-submit\nPlatforms Affected: IIS (4.0, 5.0)\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IIS Web form submission\nX-Force URL: http://xforce.iss.net/static/5823.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: hpux-kermit-bo\nPlatforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: HP-UX kermit buffer overflow\nX-Force URL: http://xforce.iss.net/static/5793.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: bsguest-cgi-execute-commands\nPlatforms Affected: Linux\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: bsguest.cgi allows remote execution of commands on\nserver\nX-Force URL: http://xforce.iss.net/static/5796.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: bslist-cgi-execute-commands\nPlatforms Affected: Linux\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: bslist.cgi allows remote execution of commands on\nserver\nX-Force URL: http://xforce.iss.net/static/5797.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: infinite-interchange-dos\nPlatforms Affected: Infinite Interchange 3.61\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Infinite InterChange denial of service\nX-Force URL: http://xforce.iss.net/static/5798.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: oracle-execute-plsql\nPlatforms Affected: Oracle Application Server\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Oracle remote procedure execution\nX-Force URL: http://xforce.iss.net/static/5817.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: ksh-redirection-symlink\nPlatforms Affected: IRIX (6.2, 6.5.x)\n Solaris (2.5.1, 2.6, 7)\n HPUX 9.00\n Digital Unix 5.0\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: ksh redirection symlink attack\nX-Force URL: http://xforce.iss.net/static/5811.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: oracle-webdb-admin-access\nPlatforms Affected: Oracle Internet Application Server 3.0.7\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Oracle IAS allows administrative access\nX-Force URL: http://xforce.iss.net/static/5818.php\n\n_____\n\nDate Reported: 12/21/00\nVulnerability: infinite-interchange-dos\nPlatforms Affected: Infinite Interchange 3.61\nRisk Factor: Web Scan\nAttack Type: Network/Host Based\nBrief Description: Infinite InterChange denial of service\nX-Force URL: http://xforce.iss.net/static/5798.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: gnupg-detached-sig-modify\nPlatforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: GnuPG allows users to modify signed messages with\ndetached signatures\nX-Force URL: http://xforce.iss.net/static/5802.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: gnupg-reveal-private\nPlatforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: GnuPG will import private keys along with public\nkeys\nX-Force URL: http://xforce.iss.net/static/5803.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: zonealarm-nmap-scans\nPlatforms Affected: ZoneAlarm\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ZoneAlarm does not detect NMAP scans\nX-Force URL: http://xforce.iss.net/static/5799.php\n\n_____\n\nDate Reported: 12/20/00\nVulnerability: zonealarm-open-shares\nPlatforms Affected: ZoneAlarm\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ZoneAlarm open shares\nX-Force URL: http://xforce.iss.net/static/5825.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: win2k-index-service-activex\nPlatforms Affected: Windows 2000\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: Windows 2000 Index Service ActiveX controls allow\nunauthorized access to file information\nX-Force URL: http://xforce.iss.net/static/5800.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: proftpd-size-memory-leak\nPlatforms Affected: Proftpd\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: proftpd memory leak when using SIZE command\nX-Force URL: http://xforce.iss.net/static/5801.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: weblogic-dot-bo\nPlatforms Affected: WebLogic\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: BEA WebLogic Server \"dotdot\" URL buffer overflow\nX-Force URL: http://xforce.iss.net/static/5782.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: mdaemon-imap-dos\nPlatforms Affected: MDaemon\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: MDaemon IMAP buffer overflow denial of service\nX-Force URL: http://xforce.iss.net/static/5805.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: zope-calculate-roles\nPlatforms Affected: Zp[e\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: zope package in Linux calculates local roles\nincorrectly\nX-Force URL: http://xforce.iss.net/static/5777.php\n\n_____\n\nDate Reported: 12/19/00\nVulnerability: itetris-svgalib-path\nPlatforms Affected: svgalib\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Itetris svgalib PATH\nX-Force URL: http://xforce.iss.net/static/5795.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: bsd-ftpd-replydirname-bo\nPlatforms Affected: BSD Based Operating Systems\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BSD ftpd replydirname() function buffer overflow\nX-Force URL: http://xforce.iss.net/static/5776.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: sonata-command-execute\nPlatforms Affected: Sonata\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Sonata argument command line execution\nX-Force URL: http://xforce.iss.net/static/5787.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: solaris-catman-symlink\nPlatforms Affected: Solaris\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Solaris catman command symlink attack\nX-Force URL: http://xforce.iss.net/static/5788.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: solaris-patchadd-symlink\nPlatforms Affected: Solaris\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Solaris patchadd symlink attack\nX-Force URL: http://xforce.iss.net/static/5789.php\n\n_____\n\nDate Reported: 12/18/00\nVulnerability: stunnel-format-logfile\nPlatforms Affected: Stunnel\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Stunnel format allows user to write to logfile\nX-Force URL: http://xforce.iss.net/static/5807.php\n\n_____\n\nDate Reported: 12/17/00\nVulnerability: hp-top-sys-files\nPlatforms Affected: HPUX\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: HP-UX top command could be used to overwrite files\nX-Force URL: http://xforce.iss.net/static/5773.php\n\n_____\n\nDate Reported: 12/16/00\nVulnerability: zope-legacy-names\nPlatforms Affected: Zope\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Linux zope package \"legacy\" names\nX-Force URL: http://xforce.iss.net/static/5824.php\n\n_____\n\nDate Reported: 12/15/00\nVulnerability: mrj-runtime-malicious-applets\nPlatforms Affected: MRJ\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: MRJ runtime environment could allow malicious\napplets to be executed\nX-Force URL: http://xforce.iss.net/static/5784.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: coffeecup-ftp-weak-encryption\nPlatforms Affected: CoffeeCup FTP\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: CoffeeCup FTP client has weak password encryption\nX-Force URL: http://xforce.iss.net/static/5744.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-fragmented-packets\nPlatforms Affected: WatchGuard\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO Firewall fragmented IP packet\nattack\nX-Force URL: http://xforce.iss.net/static/5749.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: jpilot-perms\nPlatforms Affected: J-Pilot\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: J-Pilot permissions could reveal sensitive\ninformation\nX-Force URL: http://xforce.iss.net/static/5762.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: mediaservices-dropped-connection-dos\nPlatforms Affected: Microsoft Media Services\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Microsoft Media Services dropped connection denial\nof service\nX-Force URL: http://xforce.iss.net/static/5785.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-web-auth\nPlatforms Affected: WatchGuard\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO Web config server could allow\nunauthenticated access\nX-Force URL: http://xforce.iss.net/static/5554.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: watchguard-soho-passcfg-reset\nPlatforms Affected: WatchGuard\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO administrator password can be\nremotely reset\nX-Force URL: http://xforce.iss.net/static/5742.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: http-cgi-simplestguest\nPlatforms Affected: simplestguest.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: simplestguest.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5743.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: safeword-palm-pin-extraction\nPlatforms Affected: SafeWord\n e.iD Palm Authenticator\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: SafeWord and e.iD Palm Authenticator allows\nattacker to clone Palm device\nX-Force URL: http://xforce.iss.net/static/5753.php\n\n_____\n\nDate Reported: 12/14/00\nVulnerability: mdaemon-lock-bypass-password\nPlatforms Affected: MDaemon\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: MDaemon \"lock\" bypass password\nX-Force URL: http://xforce.iss.net/static/5763.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: cisco-catalyst-ssh-mismatch\nPlatforms Affected: Cisco Catalyst\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: Cisco Catalyst SSH protocol mismatch\nX-Force URL: http://xforce.iss.net/static/5760.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: microsoft-iis-file-disclosure\nPlatforms Affected: IIS\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Microsoft IIS Far East editions file disclosure\nX-Force URL: http://xforce.iss.net/static/5729.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: ezshopper-cgi-file-disclosure\nPlatforms Affected: loadpage.cgi\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: EZshopper loadpage.cgi file disclosure\nX-Force URL: http://xforce.iss.net/static/5740.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: winnt-mstask-dos\nPlatforms Affected: Windows NT\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Windows NT MSTask.exe denial of service\nX-Force URL: http://xforce.iss.net/static/5746.php\n\n_____\n\nDate Reported: 12/13/00\nVulnerability: bftpd-site-chown-bo\nPlatforms Affected: BFTPD\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BFTPD SITE CHOWN buffer overflow\nX-Force URL: http://xforce.iss.net/static/5775.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aim-remote-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: AOL Instant Messenger buffer overflow\nX-Force URL: http://xforce.iss.net/static/5732.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: subscribemelite-gain-admin-access\nPlatforms Affected: Subscribe Me Lite\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Subscribe Me Lite mailing list manager\nunauthorized access\nX-Force URL: http://xforce.iss.net/static/5735.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: zope-image-file\nPlatforms Affected: Zope\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Linux zope package Image and File objects\nX-Force URL: http://xforce.iss.net/static/5778.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-everythingform\nPlatforms Affected: everythingform.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: everythingform.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5736.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-simplestmail\nPlatforms Affected: simplestmail.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: simplestmail.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5739.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: http-cgi-ad\nPlatforms Affected: ad.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: ad.cgi input validation error\nX-Force URL: http://xforce.iss.net/static/5741.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: kde-kmail-weak-encryption\nPlatforms Affected: KDE KMail\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KDE KMail weak password encryption\nX-Force URL: http://xforce.iss.net/static/5761.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aolim-buddyicon-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: AOL Instant Messenger Buddy Icon buffer overflow\nX-Force URL: http://xforce.iss.net/static/5786.php\n\n_____\n\nDate Reported: 12/12/00\nVulnerability: aim-remote-bo\nPlatforms Affected: AOL Instant Messenger\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: AOL Instant Messenger buffer overflow\nX-Force URL: http://xforce.iss.net/static/5732.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: rppppoe-zero-length-dos\nPlatforms Affected: rp-pppoe\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: rp-pppoe \"zero-length\" option denial of service\nX-Force URL: http://xforce.iss.net/static/5727.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: proftpd-modsqlpw-unauth-access\nPlatforms Affected: ProFTPd\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ProFTPD system using mod_sqlpw unauthorized access\nX-Force URL: http://xforce.iss.net/static/5737.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: gnu-ed-symlink\nPlatforms Affected: GNU ed\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: GNU ed symlink\nX-Force URL: http://xforce.iss.net/static/5723.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: oops-ftputils-bo\nPlatforms Affected: Oops Proxy Server\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Oops Proxy Server ftp_utils buffer overflow\nX-Force URL: http://xforce.iss.net/static/5725.php\n\n_____\n\nDate Reported: 12/11/00\nVulnerability: oracle-oidldap-write-permission\nPlatforms Affected: Oracle Internet Directory\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Oracle Internet Directory write permission\nX-Force URL: http://xforce.iss.net/static/5804.php\n\n_____\n\nDate Reported: 12/9/00\nVulnerability: foolproof-security-bypass\nPlatforms Affected: FoolProof\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: FoolProof Security restriction bypass using FTP\nX-Force URL: http://xforce.iss.net/static/5758.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: broadvision-bv1to1-reveal-path\nPlatforms Affected: BroadVision One-To-One Enterprise Server\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: BroadVision One-To-One Enterprise Server reveals\npath to server\nX-Force URL: http://xforce.iss.net/static/5661.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: ssldump-format-strings\nPlatforms Affected: ssldump\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ssldump format string could allow arbitrary\nexecution of code\nX-Force URL: http://xforce.iss.net/static/5717.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: coldfusion-sample-dos\nPlatforms Affected: ColdFusion\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: ColdFusion sample script denial of service\nX-Force URL: http://xforce.iss.net/static/5755.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-arbitrary-proxy\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KTH Kerberos 4 arbitrary proxy enviornment\nvariable\nX-Force URL: http://xforce.iss.net/static/5733.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-auth-packet-overflow\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: KTH Kerberos 4 authentication packet buffer\noverflow\nX-Force URL: http://xforce.iss.net/static/5734.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-user-config\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: KTH Kerberos 4 user supplied configuration files\nX-Force URL: http://xforce.iss.net/static/5738.php\n\n_____\n\nDate Reported: 12/8/00\nVulnerability: kerberos4-tmpfile-dos\nPlatforms Affected: Kerberos 4\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: KTH Kerberos 4 race condition\nX-Force URL: http://xforce.iss.net/static/5754.php\n\n_____\n\nDate Reported: 12/7/00\nVulnerability: homeseer-directory-traversal\nPlatforms Affected: HomeSeer\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: HomeSeer allows directory traversal\nX-Force URL: http://xforce.iss.net/static/5663.php\n\n_____\n\nDate Reported: 12/7/00\nVulnerability: offline-explorer-reveal-files\nPlatforms Affected: MetaProducts Offline Explorer\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: MetaProducts Offline Explorer can reveal file\nsystem\nX-Force URL: http://xforce.iss.net/static/5728.php\n\n_____\n\nDate Reported: 12/7/00\nVulnerability: imail-smtp-auth-dos\nPlatforms Affected: IMail\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IMail SMTP auth denial of service\nX-Force URL: http://xforce.iss.net/static/5674.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: apc-apcupsd-dos\nPlatforms Affected: APC apcupsd\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: APC apcupsd denial of service\nX-Force URL: http://xforce.iss.net/static/5654.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: cisco-catalyst-telnet-dos\nPlatforms Affected: Cisco Catalyst\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Cisco Catalyst telnet server memory leak denial of\nservice\nX-Force URL: http://xforce.iss.net/static/5656.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: apache-php-disclose-files\nPlatforms Affected: Apache Web server\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Apache Web server discloses files when used with\nphp script\nX-Force URL: http://xforce.iss.net/static/5659.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: ultraseek-reveal-path\nPlatforms Affected: Ultraseek\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Ultraseek Server can reveal the path and source\ncode to certain files\nX-Force URL: http://xforce.iss.net/static/5660.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: irc-dreamforge-dns-dos\nPlatforms Affected: DreamForge IRCd\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: DreamForge IRCd DNS denial of service\nX-Force URL: http://xforce.iss.net/static/5721.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: mailman-alternate-templates\nPlatforms Affected: MailMan\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: MailMan Alternate Templates form variable allows\nremote attacker to execute commands\nX-Force URL: http://xforce.iss.net/static/5649.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: phpgroupware-include-files\nPlatforms Affected:\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: phpGroupWare include files allows remote attacker\nto execute commands\nX-Force URL: http://xforce.iss.net/static/5650.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: markvision-printer-driver-bo\nPlatforms Affected: Lexmark MarkVision\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Lexmark MarkVision printer drivers for Unix buffer\noverflows\nX-Force URL: http://xforce.iss.net/static/5651.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-ras-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Windows NT RAS registry permissions\nX-Force URL: http://xforce.iss.net/static/5671.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-snmp-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Windows NT SNMP registry permissions\nX-Force URL: http://xforce.iss.net/static/5672.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: nt-mts-reg-perms\nPlatforms Affected: Windows NT\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Windows NT MTS registry permissions\nX-Force URL: http://xforce.iss.net/static/5673.php\n\n_____\n\nDate Reported: 12/6/00\nVulnerability: irc-bitchx-dns-bo\nPlatforms Affected: BitchX\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: BitchX IRC DNS buffer overflow\nX-Force URL: http://xforce.iss.net/static/5701.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ibm-db2-gain-access\nPlatforms Affected: IBM DB2\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IBM DB2 Universal Database can give access through\ndefault username and password\nX-Force URL: http://xforce.iss.net/static/5662.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ibm-db2-dos\nPlatforms Affected: IBM DB2\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IBM DB2 Universal Database denial of service\nX-Force URL: http://xforce.iss.net/static/5664.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: vsu-source-routing\nPlatforms Affected: VSU\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: VPNet VSU gateways contain source routing\nX-Force URL: http://xforce.iss.net/static/5667.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: vsu-ip-bridging\nPlatforms Affected: VSU\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: VPNet VSU gateways contain bridging code\nX-Force URL: http://xforce.iss.net/static/5670.php\n\n_____\n\nDate Reported: 12/5/00\nVulnerability: ftp-servu-homedir-travers\nPlatforms Affected: Serv-U FTP\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: FTP Serv-U home directory traversal could allow\naccess to FTProot\nX-Force URL: http://xforce.iss.net/static/5639.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-web-access\nPlatforms Affected: CISCO CBOS\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Cisco CBOS Web access enabled denial of service\nX-Force URL: http://xforce.iss.net/static/5626.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: watchguard-soho-get-dos\nPlatforms Affected: WatchGuard SOHO\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WatchGuard SOHO Firewall multiple GET requests\ndenial of service\nX-Force URL: http://xforce.iss.net/static/5665.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: phone-book-service-bo\nPlatforms Affected: Windows 2000\n Windows NT\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Windows NT and 2000 Phone Book service buffer\noverflow\nX-Force URL: http://xforce.iss.net/static/5623.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-syn-packets\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS SYN packets denial of service\nX-Force URL: http://xforce.iss.net/static/5627.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-invalid-login\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS does not log invalid logins\nX-Force URL: http://xforce.iss.net/static/5628.php\n\n_____\n\nDate Reported: 12/4/00\nVulnerability: cisco-cbos-icmp-echo\nPlatforms Affected: CISCO CBOS\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Cisco CBOS large ICMP ECHO packet denial of\nservice\nX-Force URL: http://xforce.iss.net/static/5629.php\n\n_____\n\nDate Reported: 12/2/00\nVulnerability: phpweblog-bypass-authentication\nPlatforms Affected: phpWebLog\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: phpWebLog allows users to bypass authentication\nX-Force URL: http://xforce.iss.net/static/5625.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: linux-diskcheck-race-symlink\nPlatforms Affected: Linux\nRisk Factor: Low\nAttack Type: Host Based\nBrief Description: Linux diskcheck race condition could allow a tmp\nfile symbolic link attack\nX-Force URL: http://xforce.iss.net/static/5624.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: ie-form-file-upload\nPlatforms Affected: Microsoft Internet Explorer\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Internet Explorer file upload form\nX-Force URL: http://xforce.iss.net/static/5615.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: mssql-xp-paraminfo-bo\nPlatforms Affected:\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Microsoft SQL XP srv_paraminfo() buffer overflow\nX-Force URL: http://xforce.iss.net/static/5622.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: majordomo-auth-execute-commands\nPlatforms Affected: Majordomo\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Majordomo allows administrative access without\npassword\nX-Force URL: http://xforce.iss.net/static/5611.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: ie-print-template\nPlatforms Affected: Microsoft Internet Explorer\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Internet Explorer print template\nX-Force URL: http://xforce.iss.net/static/5614.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-piobe-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX piobe buffer overflow\nX-Force URL: http://xforce.iss.net/static/5616.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-pioout-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX pioout buffer overflow\nX-Force URL: http://xforce.iss.net/static/5617.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-setclock-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX setclock buffer overflow\nX-Force URL: http://xforce.iss.net/static/5618.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-enq-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX enq buffer overflow\nX-Force URL: http://xforce.iss.net/static/5619.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-digest-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX digest buffer overflow\nX-Force URL: http://xforce.iss.net/static/5620.php\n\n_____\n\nDate Reported: 12/1/00\nVulnerability: aix-setsenv-bo\nPlatforms Affected: AIX\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: AIX setsenv buffer overflow\nX-Force URL: http://xforce.iss.net/static/5621.php\n\n\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n\n_____\n\nAdditional Information\n\nThis document is available at http://xforce.iss.net/alerts/advisennn.php. \nTo receive these Alerts and Advisories:\n- - Subscribe to the Alert mailing list from\nhttp://xforce.iss.net/maillists/index.php\n- - Or send an email to majordomo@iss.net, and within the body of the\nmessage type: \n\u0027subscribe alert\u0027 (without the quotes). \n\n\nAbout Internet Security Systems (ISS)\nInternet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading\nglobal provider of security management solutions for the Internet. \nBy combining best of breed products, security management services, \naggressive research and development, and comprehensive educational \nand consulting services, ISS is the trusted security advisor for \nthousands of organizations around the world looking to protect their \nmission critical information and networks. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this\nAlert in any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0\nLLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL\nr21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw\njbM10AXVSHw=\n=5U+8\n-----END PGP SIGNATURE-----\n\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0039"
},
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#872257"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "VULHUB",
"id": "VHN-2861"
},
{
"db": "PACKETSTORM",
"id": "24096"
}
],
"trust": 4.68
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-0039",
"trust": 1.7
},
{
"db": "BID",
"id": "2083",
"trust": 1.7
},
{
"db": "XF",
"id": "5804",
"trust": 0.9
},
{
"db": "XF",
"id": "5618",
"trust": 0.9
},
{
"db": "XF",
"id": "5620",
"trust": 0.9
},
{
"db": "XF",
"id": "5619",
"trust": 0.9
},
{
"db": "XF",
"id": "5621",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#610904",
"trust": 0.8
},
{
"db": "BID",
"id": "2035",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#739201",
"trust": 0.8
},
{
"db": "BID",
"id": "2033",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#808633",
"trust": 0.8
},
{
"db": "BID",
"id": "2034",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#872257",
"trust": 0.8
},
{
"db": "BID",
"id": "2032",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#886953",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106",
"trust": 0.7
},
{
"db": "XF",
"id": "5674",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20001206 DOS BY SMTP AUTH COMMAND IN IPSWITCH IMAIL SERVER",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-2861",
"trust": 0.1
},
{
"db": "XF",
"id": "5629",
"trust": 0.1
},
{
"db": "XF",
"id": "5825",
"trust": 0.1
},
{
"db": "XF",
"id": "5626",
"trust": 0.1
},
{
"db": "XF",
"id": "5776",
"trust": 0.1
},
{
"db": "XF",
"id": "5616",
"trust": 0.1
},
{
"db": "XF",
"id": "5797",
"trust": 0.1
},
{
"db": "XF",
"id": "5740",
"trust": 0.1
},
{
"db": "XF",
"id": "5831",
"trust": 0.1
},
{
"db": "XF",
"id": "5827",
"trust": 0.1
},
{
"db": "XF",
"id": "5823",
"trust": 0.1
},
{
"db": "XF",
"id": "5758",
"trust": 0.1
},
{
"db": "XF",
"id": "5777",
"trust": 0.1
},
{
"db": "XF",
"id": "5664",
"trust": 0.1
},
{
"db": "XF",
"id": "5611",
"trust": 0.1
},
{
"db": "XF",
"id": "5650",
"trust": 0.1
},
{
"db": "XF",
"id": "5818",
"trust": 0.1
},
{
"db": "XF",
"id": "5738",
"trust": 0.1
},
{
"db": "XF",
"id": "5662",
"trust": 0.1
},
{
"db": "XF",
"id": "5732",
"trust": 0.1
},
{
"db": "XF",
"id": "5739",
"trust": 0.1
},
{
"db": "XF",
"id": "5785",
"trust": 0.1
},
{
"db": "XF",
"id": "5787",
"trust": 0.1
},
{
"db": "XF",
"id": "5734",
"trust": 0.1
},
{
"db": "XF",
"id": "5743",
"trust": 0.1
},
{
"db": "XF",
"id": "5821",
"trust": 0.1
},
{
"db": "XF",
"id": "5639",
"trust": 0.1
},
{
"db": "XF",
"id": "5622",
"trust": 0.1
},
{
"db": "XF",
"id": "5796",
"trust": 0.1
},
{
"db": "XF",
"id": "5829",
"trust": 0.1
},
{
"db": "XF",
"id": "5755",
"trust": 0.1
},
{
"db": "XF",
"id": "5625",
"trust": 0.1
},
{
"db": "XF",
"id": "5833",
"trust": 0.1
},
{
"db": "XF",
"id": "5778",
"trust": 0.1
},
{
"db": "XF",
"id": "5773",
"trust": 0.1
},
{
"db": "XF",
"id": "5717",
"trust": 0.1
},
{
"db": "XF",
"id": "5617",
"trust": 0.1
},
{
"db": "XF",
"id": "5728",
"trust": 0.1
},
{
"db": "XF",
"id": "5736",
"trust": 0.1
},
{
"db": "XF",
"id": "5753",
"trust": 0.1
},
{
"db": "XF",
"id": "5627",
"trust": 0.1
},
{
"db": "XF",
"id": "5651",
"trust": 0.1
},
{
"db": "XF",
"id": "5815",
"trust": 0.1
},
{
"db": "XF",
"id": "5822",
"trust": 0.1
},
{
"db": "XF",
"id": "5744",
"trust": 0.1
},
{
"db": "XF",
"id": "5834",
"trust": 0.1
},
{
"db": "XF",
"id": "5554",
"trust": 0.1
},
{
"db": "XF",
"id": "5789",
"trust": 0.1
},
{
"db": "XF",
"id": "5615",
"trust": 0.1
},
{
"db": "XF",
"id": "5742",
"trust": 0.1
},
{
"db": "XF",
"id": "5741",
"trust": 0.1
},
{
"db": "XF",
"id": "5824",
"trust": 0.1
},
{
"db": "XF",
"id": "5793",
"trust": 0.1
},
{
"db": "XF",
"id": "5614",
"trust": 0.1
},
{
"db": "XF",
"id": "5763",
"trust": 0.1
},
{
"db": "XF",
"id": "5723",
"trust": 0.1
},
{
"db": "XF",
"id": "5654",
"trust": 0.1
},
{
"db": "XF",
"id": "5826",
"trust": 0.1
},
{
"db": "XF",
"id": "5782",
"trust": 0.1
},
{
"db": "XF",
"id": "5663",
"trust": 0.1
},
{
"db": "XF",
"id": "5628",
"trust": 0.1
},
{
"db": "XF",
"id": "5805",
"trust": 0.1
},
{
"db": "XF",
"id": "5798",
"trust": 0.1
},
{
"db": "XF",
"id": "5762",
"trust": 0.1
},
{
"db": "XF",
"id": "5721",
"trust": 0.1
},
{
"db": "XF",
"id": "5784",
"trust": 0.1
},
{
"db": "XF",
"id": "5671",
"trust": 0.1
},
{
"db": "XF",
"id": "5623",
"trust": 0.1
},
{
"db": "XF",
"id": "5725",
"trust": 0.1
},
{
"db": "XF",
"id": "5809",
"trust": 0.1
},
{
"db": "XF",
"id": "5795",
"trust": 0.1
},
{
"db": "XF",
"id": "5673",
"trust": 0.1
},
{
"db": "XF",
"id": "5801",
"trust": 0.1
},
{
"db": "XF",
"id": "5729",
"trust": 0.1
},
{
"db": "XF",
"id": "5830",
"trust": 0.1
},
{
"db": "XF",
"id": "5817",
"trust": 0.1
},
{
"db": "XF",
"id": "5701",
"trust": 0.1
},
{
"db": "XF",
"id": "5788",
"trust": 0.1
},
{
"db": "XF",
"id": "5808",
"trust": 0.1
},
{
"db": "XF",
"id": "5735",
"trust": 0.1
},
{
"db": "XF",
"id": "5819",
"trust": 0.1
},
{
"db": "XF",
"id": "5754",
"trust": 0.1
},
{
"db": "XF",
"id": "5649",
"trust": 0.1
},
{
"db": "XF",
"id": "5807",
"trust": 0.1
},
{
"db": "XF",
"id": "5660",
"trust": 0.1
},
{
"db": "XF",
"id": "5661",
"trust": 0.1
},
{
"db": "XF",
"id": "5746",
"trust": 0.1
},
{
"db": "XF",
"id": "5624",
"trust": 0.1
},
{
"db": "XF",
"id": "5775",
"trust": 0.1
},
{
"db": "XF",
"id": "5761",
"trust": 0.1
},
{
"db": "XF",
"id": "5733",
"trust": 0.1
},
{
"db": "XF",
"id": "5727",
"trust": 0.1
},
{
"db": "XF",
"id": "5813",
"trust": 0.1
},
{
"db": "XF",
"id": "5656",
"trust": 0.1
},
{
"db": "XF",
"id": "5799",
"trust": 0.1
},
{
"db": "XF",
"id": "5665",
"trust": 0.1
},
{
"db": "XF",
"id": "5737",
"trust": 0.1
},
{
"db": "XF",
"id": "5659",
"trust": 0.1
},
{
"db": "XF",
"id": "5667",
"trust": 0.1
},
{
"db": "XF",
"id": "5672",
"trust": 0.1
},
{
"db": "XF",
"id": "5749",
"trust": 0.1
},
{
"db": "XF",
"id": "5803",
"trust": 0.1
},
{
"db": "XF",
"id": "5811",
"trust": 0.1
},
{
"db": "XF",
"id": "5786",
"trust": 0.1
},
{
"db": "XF",
"id": "5802",
"trust": 0.1
},
{
"db": "XF",
"id": "5760",
"trust": 0.1
},
{
"db": "XF",
"id": "5800",
"trust": 0.1
},
{
"db": "XF",
"id": "5670",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "24096",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#872257"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "VULHUB",
"id": "VHN-2861"
},
{
"db": "PACKETSTORM",
"id": "24096"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"id": "VAR-200102-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-2861"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:48:08.812000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2083"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html"
},
{
"trust": 1.7,
"url": "http://www.ipswitch.com/support/imail/news.html"
},
{
"trust": 1.6,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin"
},
{
"trust": 1.6,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08143"
},
{
"trust": 1.6,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin"
},
{
"trust": 1.6,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08287"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5674"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/5804.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/5618.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/5620.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/5619.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/5621.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026mid=152620"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2035"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07831"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy07790"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2033"
},
{
"trust": 0.8,
"url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2034"
},
{
"trust": 0.8,
"url": "http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2032"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy10721"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin"
},
{
"trust": 0.8,
"url": "http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4\u0026srchtype=apar\u0026query=iy08812"
},
{
"trust": 0.8,
"url": "http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit"
},
{
"trust": 0.7,
"url": "http://xforce.iss.net/static/5674.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5742.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5775.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5795.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5701.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5813.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5639.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5762.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5830.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5754.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net)."
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5778.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5624.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5739.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5802.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5650.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5651.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5793.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5788.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5717.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5800.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5773.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5822.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5728.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5789.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5815.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5625.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5662.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5760.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5663.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5721.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5626.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5805.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5799.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5827.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5777.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5649.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5819.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5786.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5744.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5808.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5797.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5738.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5664.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5628.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5809.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5622.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5732.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5740.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5670.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5776.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5784.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5803.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5659.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5671.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5734.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5611.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5785.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5616.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5672.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5743.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5614.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5763.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/vol-06_num-02.php."
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5627.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5617.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5727.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5824.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5818.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5660.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5796.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5615.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5725.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5833.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5787.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5761.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5811.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5729.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5629.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5723.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5829.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5749.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5801.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5755.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5821.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5656.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5834.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5736.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5623.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5735.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5673.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5825.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5753.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5798.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5667.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/maillists/index.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5654.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5817.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/advisennn.php."
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5823.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5826.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/sensitive.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5554.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5831.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5665.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5741.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5733.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5782.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5807.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5758.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5661.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5737.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/5746.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#872257"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "VULHUB",
"id": "VHN-2861"
},
{
"db": "PACKETSTORM",
"id": "24096"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#610904"
},
{
"db": "CERT/CC",
"id": "VU#739201"
},
{
"db": "CERT/CC",
"id": "VU#808633"
},
{
"db": "CERT/CC",
"id": "VU#872257"
},
{
"db": "CERT/CC",
"id": "VU#886953"
},
{
"db": "VULHUB",
"id": "VHN-2861"
},
{
"db": "PACKETSTORM",
"id": "24096"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#610904"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#739201"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#808633"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#872257"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#886953"
},
{
"date": "2001-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-2861"
},
{
"date": "2001-01-22T23:24:05",
"db": "PACKETSTORM",
"id": "24096"
},
{
"date": "2001-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"date": "2001-02-16T05:00:00",
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-09T00:00:00",
"db": "CERT/CC",
"id": "VU#610904"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#739201"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#808633"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#872257"
},
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#886953"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-2861"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200102-106"
},
{
"date": "2017-10-10T01:29:33.263000",
"db": "NVD",
"id": "CVE-2001-0039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "24096"
},
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Internet Directory LDAP Daemon does not check write permissions properly",
"sources": [
{
"db": "CERT/CC",
"id": "VU#610904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200102-106"
}
],
"trust": 0.6
}
}
VAR-201103-0114
Vulnerability from variot - Updated: 2024-07-23 21:40The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. Postfix is a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ========================================================================== Ubuntu Security Notice USN-1113-1 April 18, 2011
postfix vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)
Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1
Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1
Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1
Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3
Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: CVE-2009-2939, CVE-2011-0411
Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3
.
CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Postfix "STARTTLS" Plaintext Injection Vulnerability
SECUNIA ADVISORY ID: SA43646
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43646/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
RELEASE DATE: 2011-03-09
DISCUSS ADVISORY: http://secunia.com/advisories/43646/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43646/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43646
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Postfix, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.
The vulnerability is reported in version 2.2 and all releases prior to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
SOLUTION: Update to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.postfix.org/CVE-2011-0411.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33
http://security.gentoo.org/
Severity: High Title: Postfix: Multiple vulnerabilities Date: June 25, 2012 Bugs: #358085, #366605 ID: 201206-33
Synopsis
A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.
Background
Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy = to administer, and secure, as an alternative to the widely-used Sendmail program.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/postfix < 2.7.4 >= 2.7.4
Description
A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Postfix users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"
References
[ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411 [ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-33.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.
For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.
We recommend that you upgrade your postfix packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following:
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192
Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter
ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla
BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464
BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464
Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell
CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple
CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple
CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp
CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY
File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple
IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple
iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc.
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman- announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707
MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale
PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471
postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411
python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. CVE-ID CVE-2011-3228 : Apple
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534
User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com
Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000
OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2.
For OS X Lion v10.7.1 The download file is named: MacOSXUpd10.7.2.dmg Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229
For OS X Lion v10.7 The download file is named: MacOSXUpdCombo10.7.2.dmg Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb
For OS X Lion Server v10.7.1 The download file is named: MacOSXServerUpd10.7.2.dmg Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da
For OS X Lion Server v10.7 The download file is named: MacOSXServerUpdCombo10.7.2.dmg Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a
For Mac OS X v10.6.8 The download file is named: SecUpd2011-006Snow.dmg Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2011-006.dmg Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3 TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md /BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4 sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG 69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU= =gsvn -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.6,
"vendor": "postfix",
"version": "2.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.7"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.15"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.8"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.12"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.9"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.10"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.5"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.13"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.2"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.4"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.0"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.3"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.6"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.5.11"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.4.14"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.6.1"
},
{
"model": "postfix",
"scope": "eq",
"trust": 1.0,
"vendor": "postfix",
"version": "2.7.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyrus imap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postfix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qmail tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"model": "proftpd",
"scope": "eq",
"trust": 0.8,
"vendor": "proftpd",
"version": "1.3.3"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008 and 12.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postfix:postfix:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "101275"
}
],
"trust": 0.2
},
"cve": "CVE-2011-0411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-0411",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0411",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555316",
"trust": 0.8,
"value": "1.39"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. plural STARTTLS There is a vulnerability in the implementation of. plural STARTTLS Implementation of a man-in-the-middle attack (man-in-the-middle attack) May insert a command. This vulnerability is due to the fact that switching to ciphertext communication is performed at a lower layer than the application. This vulnerability is only relevant for implementations that perform certificate validation.An arbitrary command may be executed by a remote attacker who can intercept communications. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. (CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n postfix 2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n postfix 2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n postfix 2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n postfix 2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n postfix 2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nPostfix \"STARTTLS\" Plaintext Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43646\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43646/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646\n\nRELEASE DATE:\n2011-03-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43646/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43646/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Postfix, which can be exploited\nby malicious people to manipulate certain data. \n\nThe vulnerability is caused due to the TLS implementation not\nproperly clearing transport layer buffers when upgrading from\nplaintext to ciphertext after receiving the \"STARTTLS\" command. This\ncan be exploited to insert arbitrary plaintext data (e.g. SMTP\ncommands) during the plaintext phase, which will then be executed\nafter upgrading to the TLS ciphertext phase. \n\nThe vulnerability is reported in version 2.2 and all releases prior\nto versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. \n\nSOLUTION:\nUpdate to versions 2.4.16, 2.5.12, 2.6.9, and 2.7.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.postfix.org/CVE-2011-0411.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Postfix: Multiple vulnerabilities\n Date: June 25, 2012\n Bugs: #358085, #366605\n ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =\nto\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-mta/postfix \u003c 2.7.4 \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\n\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\naddresses the following:\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.20 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\ninformation is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-0419\nCVE-2011-3192\n\nApplication Firewall\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Executing a binary with a maliciously crafted name may lead\nto arbitrary code execution with elevated privileges\nDescription: A format string vulnerability existed in Application\nFirewall\u0027s debug logging. \nCVE-ID\nCVE-2011-0185 : an anonymous reporter\n\nATS\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A signedness issue existed in ATS\u0027 handling of Type 1\nfonts. This issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3437\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: An out of bounds memory access issue existed in ATS\u0027\nhandling of Type 1 fonts. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0229 : Will Dormann of the CERT/CC\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Applications which use the ATSFontDeactivate API may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: A buffer overflow issue existed in the\nATSFontDeactivate API. \nCVE-ID\nCVE-2011-0230 : Steven Michaud of Mozilla\n\nBIND\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in BIND 9.7.3\nDescription: Multiple denial of service issues existed in BIND\n9.7.3. These issues are addressed by updating BIND to version\n9.7.3-P3. \nCVE-ID\nCVE-2011-1910\nCVE-2011-2464\n\nBIND\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple denial of service issues existed in BIND. \nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3. \nCVE-ID\nCVE-2009-4022\nCVE-2010-0097\nCVE-2010-3613\nCVE-2010-3614\nCVE-2011-1910\nCVE-2011-2464\n\nCertificate Trust Policy\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. \nImpact: Root certificates have been updated\nDescription: Several trusted certificates were added to the list of\nsystem roots. Several existing certificates were updated to their\nmost recent version. The complete list of recognized system roots may\nbe viewed via the Keychain Access application. \n\nCFNetwork\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Safari may store cookies it is not configured to accept\nDescription: A synchronization issue existed in CFNetwork\u0027s handling\nof cookie policies. Safari\u0027s cookie preferences may not be honored,\nallowing websites to set cookies that would be blocked were the\npreference enforced. This update addresses the issue through improved\nhandling of cookie storage. \nCVE-ID\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\nC. Walker, and Stephen Creswell\n\nCFNetwork\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of HTTP\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could incorrectly send the cookies for a domain to a server\noutside that domain. This issue does not affect systems prior to OS X\nLion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCoreFoundation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in CoreFoundation\u0027s\nhandling of string tokenization. This issue does not affect OS X Lion\nsystems. This update addresses the issue through improved bounds\nchecking. \nCVE-ID\nCVE-2011-0259 : Apple\n\nCoreMedia\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription: A cross-origin issue existed in CoreMedia\u0027s handling of\ncross-site redirects. This issue is addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\nResearch (MSVR)\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of QuickTime movie files. These issues do not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0224 : Apple\n\nCoreProcesses\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access to a system may partially\nbypass the screen lock\nDescription: A system window, such as a VPN password prompt, that\nappeared while the screen was locked may have accepted keystrokes\nwhile the screen was locked. This issue is addressed by preventing\nsystem windows from requesting keystrokes while the screen is locked. \nThis issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\nKobb, and Adam Kemp\n\nCoreStorage\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Converting to FileVault does not erase all existing data\nDescription: After enabling FileVault, approximately 250MB at the\nstart of the volume was left unencrypted on the disk in an unused\narea. Only data which was present on the volume before FileVault was\nenabled was left unencrypted. This issue is addressed by erasing this\narea when enabling FileVault, and on the first use of an encrypted\nvolume affected by this issue. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3212 : Judson Powers of ATC-NY\n\nFile Systems\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: An attacker in a privileged network position may manipulate\nHTTPS server certificates, leading to the disclosure of sensitive\ninformation\nDescription: An issue existed in the handling of WebDAV volumes on\nHTTPS servers. If the server presented a certificate chain that could\nnot be automatically verified, a warning was displayed and the\nconnection was closed. If the user clicked the \"Continue\" button in\nthe warning dialog, any certificate was accepted on the following\nconnection to that server. An attacker in a privileged network\nposition may have manipulated the connection to obtain sensitive\ninformation or take action on the server on the user\u0027s behalf. This\nupdate addresses the issue by validating that the certificate\nreceived on the second connection is the same certificate originally\npresented to the user. \nCVE-ID\nCVE-2011-3213 : Apple\n\nIOGraphics\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: A person with physical access may be able to bypass the\nscreen lock\nDescription: An issue existed with the screen lock when used with\nApple Cinema Displays. When a password is required to wake from\nsleep, a person with physical access may be able to access the system\nwithout entering a password if the system is in display sleep mode. \nThis update addresses the issue by ensuring that the lock screen is\ncorrectly activated in display sleep mode. This issue does not affect\nOS X Lion systems. \nCVE-ID\nCVE-2011-3214 : Apple\n\niChat Server\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: A remote attacker may cause the Jabber server to consume\nsystem resources disproportionately\nDescription: An issue existed in the handling of XML external\nentities in jabberd2, a server for the Extensible Messaging and\nPresence Protocol (XMPP). jabberd2 expands external entities in\nincoming requests. This allows an attacker to consume system\nresources very quickly, denying service to legitimate users of the\nserver. This update addresses the issue by disabling entity expansion\nin incoming requests. \nCVE-ID\nCVE-2011-1755\n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access may be able to access the\nuser\u0027s password\nDescription: A logic error in the kernel\u0027s DMA protection permitted\nfirewire DMA at loginwindow, boot, and shutdown, although not at\nscreen lock. This update addresses the issue by preventing firewire\nDMA at all states where the user is not logged in. \nCVE-ID\nCVE-2011-3215 : Passware, Inc. \n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An unprivileged user may be able to delete another user\u0027s\nfiles in a shared directory\nDescription: A logic error existed in the kernel\u0027s handling of file\ndeletions in directories with the sticky bit. \nCVE-ID\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\nand Allan Schmid and Oliver Jeckel of brainworks Training\n\nlibsecurity\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An error handling issue existed when parsing a\nnonstandard certificate revocation list extension. \nCVE-ID\nCVE-2011-3227 : Richard Godbee of Virginia Tech\n\nMailman\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Mailman 2.1.14\nDescription: Multiple cross-site scripting issues existed in Mailman\n2.1.14. These issues are addressed by improved encoding of characters\nin HTML output. Further information is available via the Mailman site\nat http://mail.python.org/pipermail/mailman-\nannounce/2011-February/000158.html This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0707\n\nMediaKit\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Opening a maliciously crafted disk image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of disk images. These issues do not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-3217 : Apple\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Any user may read another local user\u0027s password data\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\nPatrick Dunstan at defenseindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An authenticated user may change that account\u0027s password\nwithout providing the current password\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A user may be able to log in without a password\nDescription: When Open Directory is bound to an LDAPv3 server using\nRFC2307 or custom mappings, such that there is no\nAuthenticationAuthority attribute for a user, an LDAP user may be\nallowed to log in without a password. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\nFrederic Metoz of Institut de Biologie Structurale\n\nPHP\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in FreeType\u0027s handling of\nType 1 fonts. This issue is addressed by updating FreeType to version\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\ninformation is available via the FreeType site at\nhttp://www.freetype.org/\nCVE-ID\nCVE-2011-0226\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng 1.4.3\nDescription: libpng is updated to version 1.5.4 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in PHP 5.3.4\nDescription: PHP is updated to version 5.3.6 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. This issues do not affect OS X Lion systems. Further\ninformation is available via the PHP website at http://www.php.net/\nCVE-ID\nCVE-2010-3436\nCVE-2010-4645\nCVE-2011-0420\nCVE-2011-0421\nCVE-2011-0708\nCVE-2011-1092\nCVE-2011-1153\nCVE-2011-1466\nCVE-2011-1467\nCVE-2011-1468\nCVE-2011-1469\nCVE-2011-1470\nCVE-2011-1471\n\npostfix\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nmail sessions, resulting in the disclosure of sensitive information\nDescription: A logic issue existed in Postfix in the handling of the\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\nprocess other plain-text commands. An attacker in a privileged\nnetwork position may manipulate the mail session to obtain sensitive\ninformation from the encrypted traffic. This update addresses the\nissue by clearing the command queue after processing a STARTTLS\ncommand. This issue does not affect OS X Lion systems. Further\ninformation is available via the Postfix site at\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\nCVE-ID\nCVE-2011-0411\n\npython\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in python\nDescription: Multiple vulnerabilities existed in python, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by applying patches from the python project. \nFurther information is available via the python site at\nhttp://www.python.org/download/releases/\nCVE-ID\nCVE-2010-1634\nCVE-2010-2089\nCVE-2011-1521\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in\nQuickTime\u0027s handling of movie files. \nCVE-ID\nCVE-2011-3228 : Apple\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSC\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0250 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSZ\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0251 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STTS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may inject\nscript in the local domain when viewing template HTML\nDescription: A cross-site scripting issue existed in QuickTime\nPlayer\u0027s \"Save for Web\" export. The template HTML files generated by\nthis feature referenced a script file from a non-encrypted origin. An\nattacker in a privileged network position may be able to inject\nmalicious scripts in the local domain if the user views a template\nfile locally. This issue is resolved by removing the reference to an\nonline script. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3218 : Aaron Sigel of vtty.com\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nH.264 encoded movie files. \nCVE-ID\nCVE-2011-3219 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nQuickTime\u0027s handling of URL data handlers within movie files. \nCVE-ID\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An implementation issue existed in QuickTime\u0027s handling\nof the atom hierarchy within a movie file. \nCVE-ID\nCVE-2011-3221 : an anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFlashPix files. \nCVE-ID\nCVE-2011-3222 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFLIC files. \nCVE-ID\nCVE-2011-3223 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSMB File Server\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A guest user may browse shared folders\nDescription: An access control issue existed in the SMB File Server. \nDisallowing guest access to the share point record for a folder\nprevented the \u0027_unknown\u0027 user from browsing the share point but not\nguests (user \u0027nobody\u0027). This issue is addressed by applying the\naccess control to the guest user. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3225\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\nDescription: Tomcat is updated to version 6.0.32 to address multiple\nvulnerabilities, the most serious of which may lead to a cross site\nscripting attack. Tomcat is only provided on Mac OS X Server systems. \nThis issue does not affect OS X Lion systems. Further information is\navailable via the Tomcat site at http://tomcat.apache.org/\nCVE-ID\nCVE-2010-1157\nCVE-2010-2227\nCVE-2010-3718\nCVE-2010-4172\nCVE-2011-0013\nCVE-2011-0534\n\nUser Documentation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nApp Store help content, leading to arbitrary code execution\nDescription: App Store help content was updated over HTTP. This\nupdate addresses the issue by updating App Store help content over\nHTTPS. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3224 : Aaron Sigel of vtty.com\n\nWeb Server\nAvailable for: Mac OS X Server v10.6.8\nImpact: Clients may be unable to access web services that require\ndigest authentication\nDescription: An issue in the handling of HTTP Digest authentication\nwas addressed. Users may be denied access to the server\u0027s resources,\nwhen the server configuration should have allowed the access. This\nissue does not represent a security risk, and was addressed to\nfacilitate the use of stronger authentication mechanisms. Systems\nrunning OS X Lion Server are not affected by this issue. \n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng\nDescription: Multiple vulnerabilities existed in libpng, the most\nserious of which may lead to arbitrary code execution. These issues\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\navailable via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\nthe security content of Safari 5.1.1, please visit:\nhttp://support.apple.com/kb/HT5000\n\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2011-006 or OS X v10.7.2. \n\nFor OS X Lion v10.7.1\nThe download file is named: MacOSXUpd10.7.2.dmg\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\n\nFor OS X Lion v10.7\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\n\nFor OS X Lion Server v10.7.1\nThe download file is named: MacOSXServerUpd10.7.2.dmg\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\n\nFor OS X Lion Server v10.7\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2011-006Snow.dmg\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2011-006.dmg\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\n=gsvn\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0411"
},
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2011-0411",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "43646",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0611",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1025179",
"trust": 2.6
},
{
"db": "BID",
"id": "46767",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "43874",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0891",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2011-0752",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "71021",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/10/2",
"trust": 1.1
},
{
"db": "XF",
"id": "65932",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "114177",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107027",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "99457",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99392",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99053",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-48356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-0411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105738",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"id": "VAR-201103-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:40:40.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "postfix-2.3.3-2.10.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1399"
},
{
"title": "2211",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2211"
},
{
"title": "2212",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2212"
},
{
"title": "3624",
"trust": 0.8,
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3624"
},
{
"title": "NEWS-1.3.3e",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/news-1.3.3e"
},
{
"title": "NEWS-1.3.4rc2",
"trust": 0.8,
"url": "http://www.proftpd.org/docs/news-1.3.4rc2"
},
{
"title": "RHSA-2011:0422",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0422.html"
},
{
"title": "RHSA-2011:0423",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0423.html"
},
{
"title": "TLSA-2011-13",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2011/tlsa-2011-13j.txt"
},
{
"title": "TLSA-2013-4",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2013/tlsa-2013-4j.html"
},
{
"title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159437"
},
{
"title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
},
{
"title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
},
{
"title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
},
{
"title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
},
{
"title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
},
{
"title": "Ubuntu Security Notice: postfix vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1113-1"
},
{
"title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
},
{
"title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/46767"
},
{
"trust": 2.6,
"url": "http://securitytracker.com/id?1025179"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/43646"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2011/0611"
},
{
"trust": 1.9,
"url": "http://www.postfix.org/cve-2011-0411.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht5002"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2011/dsa-2233"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
},
{
"trust": 1.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/71021"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/43874"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0752"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2011/0891"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc2595"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3207"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc4642"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
},
{
"trust": 0.8,
"url": "http://www.watchguard.com/archive/softwarecenter.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/65932"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu555316"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0411"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1113-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43646/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/section_179/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43646/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43646"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0259"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0185"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4022"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht5000"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0229"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3613"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3436"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "http://www.php.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249"
},
{
"trust": 0.1,
"url": "http://mail.python.org/pipermail/mailman-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "http://www.postfix.org/announcements/postfix-2.7.3.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0224"
},
{
"trust": 0.1,
"url": "http://www.python.org/download/releases/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#555316"
},
{
"db": "VULHUB",
"id": "VHN-48356"
},
{
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"db": "PACKETSTORM",
"id": "100558"
},
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "99097"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "PACKETSTORM",
"id": "101275"
},
{
"db": "PACKETSTORM",
"id": "105738"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-07T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2011-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2011-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2011-04-18T22:40:46",
"db": "PACKETSTORM",
"id": "100558"
},
{
"date": "2011-11-16T04:40:08",
"db": "PACKETSTORM",
"id": "107027"
},
{
"date": "2011-03-09T06:30:30",
"db": "PACKETSTORM",
"id": "99097"
},
{
"date": "2012-06-25T22:58:41",
"db": "PACKETSTORM",
"id": "114177"
},
{
"date": "2011-05-10T18:42:48",
"db": "PACKETSTORM",
"id": "101275"
},
{
"date": "2011-10-13T02:35:35",
"db": "PACKETSTORM",
"id": "105738"
},
{
"date": "2011-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2011-03-16T22:55:02.717000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#555316"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-48356"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2011-0411"
},
{
"date": "2013-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001357"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-213"
},
{
"date": "2021-08-10T12:15:07.120000",
"db": "NVD",
"id": "CVE-2011-0411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107027"
},
{
"db": "PACKETSTORM",
"id": "114177"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARTTLS plaintext command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#555316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201103-213"
}
],
"trust": 0.6
}
}
VAR-200106-0149
Vulnerability from variot - Updated: 2024-07-23 21:31Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php
Contents: * 120 Reported Vulnerabilities * Risk Factor Key
Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php
Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php
Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php
Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php
Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php
Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php
Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php
Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php
Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php
Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php
Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php
Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php
Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php
Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php
Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php
Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php
Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php
Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php
Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php
Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php
Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php
Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php
Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php
Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php
Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php
Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php
Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php
Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php
Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php
Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php
Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php
Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php
Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel , InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php
Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php
Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php
Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php
Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php
Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php
Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php
Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php
Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php
Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php
Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php
Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php
Date Reported: 04/16/2001
Brief Description: Microsoft Internet Explorer altering CLSID
action allows malicious file execution
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98
Vulnerability: ie-clsid-execute-files
X-Force URL: http://xforce.iss.net/static/6426.php
Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php
Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php
Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php
Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php
Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php
Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php
Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php
Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php
Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php
Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php
Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php
Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php
Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php
Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php
Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php
Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php
Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php
Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php
Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php
Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php
Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php
Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php
Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php
Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php
Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php
Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php
Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php
Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php
Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php
Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php
Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php
Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php
Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php
Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php
Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php
Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php
Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php
Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php
Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php
Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php
Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php
Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php
Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php
Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD J/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO rbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y OAtrNiOkj7o= =kYl+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "lotus",
"version": null
},
{
"model": "imail",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "6.06"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rit",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "6.06"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.101"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.51"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.49"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.48"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.47"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.46"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.45"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.44"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.43"
},
{
"model": "research labs the bat! f",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.41"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.39"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.36"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.35"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.34"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.33"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.32"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.31"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.22"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.21"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.19"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.18"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.17"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.15"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.14"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.5"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.1"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.043"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.041"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.039"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.036"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.035"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.032"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.031"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.029"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.028"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.015"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.011"
},
{
"model": "research labs the bat!",
"scope": "ne",
"trust": 0.3,
"vendor": "rit",
"version": "1.52"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.06",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.",
"sources": [
{
"db": "BID",
"id": "2636"
}
],
"trust": 0.3
},
"cve": "CVE-2001-0494",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3312",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0494",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#601312",
"trust": 0.8,
"value": "9.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642760",
"trust": 0.8,
"value": "10.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555464",
"trust": 0.8,
"value": "4.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310816",
"trust": 0.8,
"value": "1.62"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3312",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-3312"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure. This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported: 04/02/2001\nBrief Description: The Bat! masked file type in email attachment\n could allow execution of code\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: The Bat! 1.49 and earlier\nVulnerability: thebat-masked-file-type\nX-Force URL: http://xforce.iss.net/static/6324.php\n\nDate Reported: 04/02/2001\nBrief Description: PHP-Nuke could allow attackers to redirect ad\n banner URL links\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: PHP-Nuke 4.4 and earlier\nVulnerability: php-nuke-url-redirect\nX-Force URL: http://xforce.iss.net/static/6342.php\n\nDate Reported: 04/03/2001\nBrief Description: Orinoco RG-1000 Residential Gateway default SSID\n reveals WEP encryption key\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Orinoco Residential Gateway RG-1000\nVulnerability: orinoco-rg1000-wep-key\nX-Force URL: http://xforce.iss.net/static/6328.php\n\nDate Reported: 04/03/2001\nBrief Description: Navision Financials server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Navision Financials 2.5 and 2.6\nVulnerability: navision-server-dos\nX-Force URL: http://xforce.iss.net/static/6318.php\n\nDate Reported: 04/03/2001\nBrief Description: uStorekeeper online shopping system allows\n remote file retrieval\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: uStorekeeper 1.61\nVulnerability: ustorekeeper-retrieve-files\nX-Force URL: http://xforce.iss.net/static/6319.php\n\nDate Reported: 04/03/2001\nBrief Description: Resin server allows remote attackers to view\n Javabean files\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Resin 1.2.x, Resin 1.3b1\nVulnerability: resin-view-javabean\nX-Force URL: http://xforce.iss.net/static/6320.php\n\nDate Reported: 04/03/2001\nBrief Description: BPFTP could allow attackers to obtain login\n credentials\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BPFTP 2.0\nVulnerability: bpftp-obtain-credentials\nX-Force URL: http://xforce.iss.net/static/6330.php\n\nDate Reported: 04/04/2001\nBrief Description: Ntpd server readvar control message buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n earlier, FreeBSD 4.2-Stable, Mandrake Linux\n Corporate Server 1.0.1, Mandrake Linux 7.2,\n Trustix Secure Linux, Immunix Linux 7.0, \n NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n eServer 2.3.1\nVulnerability: ntpd-remote-bo\nX-Force URL: http://xforce.iss.net/static/6321.php\n\nDate Reported: 04/04/2001\nBrief Description: Cisco CSS debug mode allows users to gain\n administrative access\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco Content Services Switch 11050, Cisco \n Content Services Switch 11150, Cisco Content\n Services Switch 11800\nVulnerability: cisco-css-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6322.php\n\nDate Reported: 04/04/2001\nBrief Description: BEA Tuxedo may allow access to remote services\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BEA Tuxedo 7.1\nVulnerability: bea-tuxedo-remote-access\nX-Force URL: http://xforce.iss.net/static/6326.php\n\nDate Reported: 04/05/2001\nBrief Description: Ultimate Bulletin Board could allow attackers to\n bypass authentication\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin\n Board 5.4.7e\nVulnerability: ultimatebb-bypass-authentication\nX-Force URL: http://xforce.iss.net/static/6339.php\n\nDate Reported: 04/05/2001\nBrief Description: BinTec X4000 NMAP denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n BinTec X1200\nVulnerability: bintec-x4000-nmap-dos\nX-Force URL: http://xforce.iss.net/static/6323.php\n\nDate Reported: 04/05/2001\nBrief Description: WatchGuard Firebox II kernel denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: WatchGuard Firebox II prior to 4.6\nVulnerability: firebox-kernel-dos\nX-Force URL: http://xforce.iss.net/static/6327.php\n\nDate Reported: 04/06/2001\nBrief Description: Cisco PIX denial of service due to multiple \n TACACS+ requests\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco PIX Firewall 5.1.4\nVulnerability: cisco-pix-tacacs-dos\nX-Force URL: http://xforce.iss.net/static/6353.php\n\nDate Reported: 04/06/2001\nBrief Description: Darren Reed\u0027s IP Filter allows attackers to\n access UDP and TCP ports\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IP Filter 3.4.16\nVulnerability: ipfilter-access-ports\nX-Force URL: http://xforce.iss.net/static/6331.php\n\nDate Reported: 04/06/2001\nBrief Description: Veritas NetBackup nc (netcat) command denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: NetBackup 3.2\nVulnerability: veritas-netbackup-nc-dos\nX-Force URL: http://xforce.iss.net/static/6329.php\n\nDate Reported: 04/08/2001\nBrief Description: PGP may allow malicious users to access\n authenticated split keys\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: PGP 7.0\nVulnerability: nai-pgp-split-keys\nX-Force URL: http://xforce.iss.net/static/6341.php\n\nDate Reported: 04/09/2001\nBrief Description: Solaris kcms_configure command line buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcms-command-bo\nX-Force URL: http://xforce.iss.net/static/6359.php\n\nDate Reported: 04/09/2001\nBrief Description: TalkBack CGI script could allow remote attackers\n to read files on the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: TalkBack prior to 1.2\nVulnerability: talkback-cgi-read-files\nX-Force URL: http://xforce.iss.net/static/6340.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) implementation\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n HP-UX 11.00, NetBSD\nVulnerability: ftp-glob-implementation\nX-Force URL: http://xforce.iss.net/static/6333.php\n\nDate Reported: 04/09/2001\nBrief Description: Pine mail client temp file symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n Linux 6.2, Red Hat Linux 7.0\nVulnerability: pine-tmp-file-symlink\nX-Force URL: http://xforce.iss.net/static/6367.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) expansion\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability: ftp-glob-expansion\nX-Force URL: http://xforce.iss.net/static/6332.php\n\nDate Reported: 04/09/2001\nBrief Description: Netscape embedded JavaScript in GIF file \n comments can be used to access remote data\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2,\n Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n Red Hat Linux 7.1\nVulnerability: netscape-javascript-access-data\nX-Force URL: http://xforce.iss.net/static/6344.php\n\nDate Reported: 04/09/2001\nBrief Description: STRIP generates weak passwords\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: STRIP 0.5 and earlier\nVulnerability: strip-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6362.php\n\nDate Reported: 04/10/2001\nBrief Description: Solaris Xsun HOME environment variable buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-xsun-home-bo\nX-Force URL: http://xforce.iss.net/static/6343.php\n\nDate Reported: 04/10/2001\nBrief Description: Compaq Presario Active X denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Compaq Presario, Windows 98, Windows ME\nVulnerability: compaq-activex-dos\nX-Force URL: http://xforce.iss.net/static/6355.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-expert-account\nX-Force URL: http://xforce.iss.net/static/6354.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on LAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-lan-access\nX-Force URL: http://xforce.iss.net/static/6336.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on WAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-wan-access\nX-Force URL: http://xforce.iss.net/static/6337.php\n\nDate Reported: 04/10/2001\nBrief Description: Oracle Application Server shared library\n (ndwfn4.so) buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: iPlanet Web Server 4.x, Oracle Application\n Server 4.0.8.2\nVulnerability: oracle-appserver-ndwfn4-bo\nX-Force URL: http://xforce.iss.net/static/6334.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems use blank password by\n default\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-blank-password\nX-Force URL: http://xforce.iss.net/static/6335.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris dtsession buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-dtsession-bo\nX-Force URL: http://xforce.iss.net/static/6366.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcssunwiosolf-bo\nX-Force URL: http://xforce.iss.net/static/6365.php\n\nDate Reported: 04/11/2001\nBrief Description: Lightwave ConsoleServer brute force password\n attack\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Lightwave ConsoleServer 3200\nVulnerability: lightwave-consoleserver-brute-force\nX-Force URL: http://xforce.iss.net/static/6345.php\n\nDate Reported: 04/11/2001\nBrief Description: nph-maillist allows user to execute code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Email List Generator 3.5 and earlier\nVulnerability: nph-maillist-execute-code\nX-Force URL: http://xforce.iss.net/static/6363.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost Configuration Server denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5\nVulnerability: ghost-configuration-server-dos\nX-Force URL: http://xforce.iss.net/static/6357.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server DOS device denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-device-dos\nX-Force URL: http://xforce.iss.net/static/6348.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server HTTP header denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-header-dos\nX-Force URL: http://xforce.iss.net/static/6347.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server URL parsing denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-url-dos\nX-Force URL: http://xforce.iss.net/static/6351.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server CORBA denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-corba-dos\nX-Force URL: http://xforce.iss.net/static/6350.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost database engine denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5, Sybase Adaptive Server Database\n Engine 6.0.3.2747\nVulnerability: ghost-database-engine-dos\nX-Force URL: http://xforce.iss.net/static/6356.php\n\nDate Reported: 04/11/2001\nBrief Description: cfingerd daemon remote format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd\n 1.4.3 and earlier\nVulnerability: cfingerd-remote-format-string\nX-Force URL: http://xforce.iss.net/static/6364.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server Unicode denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-unicode-dos\nX-Force URL: http://xforce.iss.net/static/6349.php\n\nDate Reported: 04/11/2001\nBrief Description: Linux mkpasswd generates weak passwords\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability: mkpasswd-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6382.php\n\nDate Reported: 04/12/2001\nBrief Description: Solaris ipcs utility buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-ipcs-bo\nX-Force URL: http://xforce.iss.net/static/6369.php\n\nDate Reported: 04/12/2001\nBrief Description: InterScan VirusWall ISADMIN service buffer \n overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel , InterScan VirusWall 3.0.1\nVulnerability: interscan-viruswall-isadmin-bo\nX-Force URL: http://xforce.iss.net/static/6368.php\n\nDate Reported: 04/12/2001\nBrief Description: HylaFAX hfaxd format string\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n Mandrake Linux 7.2, Mandrake Linux Corporate\n Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability: hylafax-hfaxd-format-string\nX-Force URL: http://xforce.iss.net/static/6377.php\n\nDate Reported: 04/12/2001\nBrief Description: Cisco VPN 3000 Concentrators invalid IP Option\n denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability: cisco-vpn-ip-dos\nX-Force URL: http://xforce.iss.net/static/6360.php\n\nDate Reported: 04/13/2001\nBrief Description: Net.Commerce package in IBM WebSphere reveals\n installation path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n 7, Windows NT 4.0\nVulnerability: ibm-websphere-reveals-path\nX-Force URL: http://xforce.iss.net/static/6371.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Term 5.0, QVT/Net 5.0\nVulnerability: qpc-ftpd-bo\nX-Force URL: http://xforce.iss.net/static/6376.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: QVT/Net 5.0, QVT/Term 5.0\nVulnerability: qpc-ftpd-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6375.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC popd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Net 5.0\nVulnerability: qpc-popd-bo\nX-Force URL: http://xforce.iss.net/static/6374.php\n\nDate Reported: 04/13/2001\nBrief Description: NCM Content Management System access database\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: NCM Content Management System\nVulnerability: ncm-content-database-access\nX-Force URL: http://xforce.iss.net/static/6386.php\n\nDate Reported: 04/13/2001\nBrief Description: Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows\n 95, Windows 98\nVulnerability: netscape-smartdownload-sdph20-bo\nX-Force URL: http://xforce.iss.net/static/6403.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer accept buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-accept-bo\nX-Force URL: http://xforce.iss.net/static/6404.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer cancel buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-cancel-bo\nX-Force URL: http://xforce.iss.net/static/6406.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer disable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-disable-bo\nX-Force URL: http://xforce.iss.net/static/6407.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer enable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-enable-bo\nX-Force URL: http://xforce.iss.net/static/6409.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lp buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lp-bo\nX-Force URL: http://xforce.iss.net/static/6410.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpfilter buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpfilter-bo\nX-Force URL: http://xforce.iss.net/static/6411.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpstat buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpstat-bo\nX-Force URL: http://xforce.iss.net/static/6413.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer reject buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-reject-bo\nX-Force URL: http://xforce.iss.net/static/6414.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer rmail buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-rmail-bo\nX-Force URL: http://xforce.iss.net/static/6415.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer tput buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-tput-bo\nX-Force URL: http://xforce.iss.net/static/6416.php\n\nDate Reported: 04/13/2001\nBrief Description: IBM WebSphere CGI macro denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n 4.3.x, Solaris 7\nVulnerability: ibm-websphere-macro-dos\nX-Force URL: http://xforce.iss.net/static/6372.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpmove buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpmove-bo\nX-Force URL: http://xforce.iss.net/static/6412.php\n\nDate Reported: 04/14/2001\nBrief Description: Siemens Reliant Unix ppd -T symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n Unix 5.44\nVulnerability: reliant-unix-ppd-symlink\nX-Force URL: http://xforce.iss.net/static/6408.php\n\nDate Reported: 04/15/2001\nBrief Description: Linux Exuberant Ctags package symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, exuberant-ctags\nVulnerability: exuberant-ctags-symlink\nX-Force URL: http://xforce.iss.net/static/6388.php\n\nDate Reported: 04/15/2001\nBrief Description: processit.pl CGI could allow attackers to view\n sensitive information about the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: processit.pl\nVulnerability: processit-cgi-view-info\nX-Force URL: http://xforce.iss.net/static/6385.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft ISA Server Web Proxy denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft ISA Server 2000\nVulnerability: isa-web-proxy-dos\nX-Force URL: http://xforce.iss.net/static/6383.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft Internet Explorer altering CLSID\n action allows malicious file execution\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 \nVulnerability: ie-clsid-execute-files\nX-Force URL: http://xforce.iss.net/static/6426.php\n\nDate Reported: 04/16/2001\nBrief Description: Cisco Catalyst 5000 series switch 802.1x denial\n of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco Catalyst 5000 Series\nVulnerability: cisco-catalyst-8021x-dos\nX-Force URL: http://xforce.iss.net/static/6379.php\n\nDate Reported: 04/16/2001\nBrief Description: BubbleMon allows users to gain elevated \n privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: BubbleMon prior to 1.32, FreeBSD\nVulnerability: bubblemon-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6378.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6391.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field allows attacker to upload\n files\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-file-upload\nX-Force URL: http://xforce.iss.net/static/6393.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field EXPR allows attacker to\n execute commands\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-expr\nX-Force URL: http://xforce.iss.net/static/6392.php\n\nDate Reported: 04/16/2001\nBrief Description: Linux NetFilter IPTables\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability: linux-netfilter-iptables\nX-Force URL: http://xforce.iss.net/static/6390.php\n\nDate Reported: 04/17/2001\nBrief Description: Xitami Web server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability: xitami-server-dos\nX-Force URL: http://xforce.iss.net/static/6389.php\n\nDate Reported: 04/17/2001\nBrief Description: Samba tmpfile symlink attack could allow\n elevated privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n Progeny Linux, Caldera OpenLinux eBuilder,\n Trustix Secure Linux 1.01, Mandrake Linux \n Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability: samba-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6396.php\n\nDate Reported: 04/17/2001\nBrief Description: GoAhead WebServer \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability: goahead-aux-dos\nX-Force URL: http://xforce.iss.net/static/6400.php\n\nDate Reported: 04/17/2001\nBrief Description: AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SimpleServer:WWW 1.03 to 1.08\nVulnerability: analogx-simpleserver-aux-dos\nX-Force URL: http://xforce.iss.net/static/6395.php\n\nDate Reported: 04/17/2001\nBrief Description: Viking Server hexadecimal URL encoded format\n directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server prior to 1.07-381\nVulnerability: viking-hex-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6394.php\n\nDate Reported: 04/17/2001\nBrief Description: Solaris FTP server allows attacker to recover\n shadow file\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Solaris 2.6\nVulnerability: solaris-ftp-shadow-recovery\nX-Force URL: http://xforce.iss.net/static/6422.php\n\nDate Reported: 04/18/2001\nBrief Description: The Bat! pop3 denial of service\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: The Bat! 1.51, Windows\nVulnerability: thebat-pop3-dos\nX-Force URL: http://xforce.iss.net/static/6423.php\n\nDate Reported: 04/18/2001\nBrief Description: Eudora allows attacker to obtain files using\n plain text attachments\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Eudora 5.0.2\nVulnerability: eudora-plain-text-attachment\nX-Force URL: http://xforce.iss.net/static/6431.php\n\nDate Reported: 04/18/2001\nBrief Description: VMware vmware-mount.pl symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: VMware\nVulnerability: vmware-mount-symlink\nX-Force URL: http://xforce.iss.net/static/6420.php\n\nDate Reported: 04/18/2001\nBrief Description: KFM tmpfile symbolic link could allow local\n attackers to overwrite files\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 7.0, K File Manager (KFM)\nVulnerability: kfm-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6428.php\n\nDate Reported: 04/18/2001\nBrief Description: CyberScheduler timezone remote buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: CyberScheduler, Mandrake Linux, Windows 2000,\n IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n Slackware Linux, Red Hat Linux, IIS 4.0, Debian\n Linux, Solaris 2.5, Solaris 2.6, Caldera \n OpenLinux, Windows NT\nVulnerability: cyberscheduler-timezone-bo\nX-Force URL: http://xforce.iss.net/static/6401.php\n\nDate Reported: 04/18/2001\nBrief Description: Microsoft Data Access Component Internet\n Publishing Provider allows WebDAV access\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft Data Access Component 8.103.2519.0,\n Windows 95, Windows NT 4.0, Windows 98, Windows\n 98 Second Edition, Windows 2000, Windows ME \nVulnerability: ms-dacipp-webdav-access\nX-Force URL: http://xforce.iss.net/static/6405.php\n\nDate Reported: 04/18/2001\nBrief Description: Oracle tnslsnr80.exe denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability: oracle-tnslsnr80-dos\nX-Force URL: http://xforce.iss.net/static/6427.php\n\nDate Reported: 04/18/2001\nBrief Description: innfeed -c flag buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux,\n INN prior to 2.3.1\nVulnerability: innfeed-c-bo\nX-Force URL: http://xforce.iss.net/static/6398.php\n\nDate Reported: 04/18/2001\nBrief Description: iPlanet Calendar Server stores username and\n password in plaintext\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: iPlanet Calendar Server 5.0p2\nVulnerability: iplanet-calendar-plaintext-password\nX-Force URL: http://xforce.iss.net/static/6402.php\n\nDate Reported: 04/18/2001\nBrief Description: Linux NEdit symlink when printing\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n SuSE Linux 7.0, Mandrake Linux Corporate Server\n 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability: nedit-print-symlink\nX-Force URL: http://xforce.iss.net/static/6424.php\n\nDate Reported: 04/19/2001\nBrief Description: CheckBO TCP buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: CheckBO 1.56 and earlier\nVulnerability: checkbo-tcp-bo\nX-Force URL: http://xforce.iss.net/static/6436.php\n\nDate Reported: 04/19/2001\nBrief Description: HP-UX pcltotiff uses insecure permissions\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n HP-UX 10.26\nVulnerability: hp-pcltotiff-insecure-permissions\nX-Force URL: http://xforce.iss.net/static/6447.php\n\nDate Reported: 04/19/2001\nBrief Description: Netopia Timbuktu allows unauthorized system\n access\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Timbuktu Pro, Macintosh OS X\nVulnerability: netopia-timbuktu-gain-access\nX-Force URL: http://xforce.iss.net/static/6452.php\n\nDate Reported: 04/20/2001\nBrief Description: Cisco CBOS could allow attackers to gain \n privileged information\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability: cisco-cbos-gain-information\nX-Force URL: http://xforce.iss.net/static/6453.php\n\nDate Reported: 04/20/2001\nBrief Description: Internet Explorer 5.x allows active scripts \n using XML stylesheets\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Internet Explorer 5.x, Outlook Express 5.x\nVulnerability: ie-xml-stylesheets-scripting\nX-Force URL: http://xforce.iss.net/static/6448.php\n\nDate Reported: 04/20/2001\nBrief Description: Linux gftp format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, \n Mandrake Linux Corporate Server 1.0.1, Immunix\n Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n 7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n Linux 7.0\nVulnerability: gftp-format-string\nX-Force URL: http://xforce.iss.net/static/6478.php\n\nDate Reported: 04/20/2001\nBrief Description: Novell BorderManager VPN client SYN requests \n denial of service\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Novell BorderManager 3.5\nVulnerability: bordermanager-vpn-syn-dos\nX-Force URL: http://xforce.iss.net/static/6429.php\n\nDate Reported: 04/20/2001\nBrief Description: SAFT sendfiled could allow the execution of\n arbitrary code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability: saft-sendfiled-execute-code\nX-Force URL: http://xforce.iss.net/static/6430.php\n\nDate Reported: 04/21/2001\nBrief Description: Mercury MTA for Novell Netware buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability: mercury-mta-bo\nX-Force URL: http://xforce.iss.net/static/6444.php\n\nDate Reported: 04/21/2001\nBrief Description: QNX allows attacker to read files on FAT \n partition\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: QNX 2.4\nVulnerability: qnx-fat-file-read\nX-Force URL: http://xforce.iss.net/static/6437.php\n\nDate Reported: 04/23/2001\nBrief Description: Viking Server \"dot dot\" (\\...\\) directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server 1.0.7\nVulnerability: viking-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6450.php\n\nDate Reported: 04/24/2001\nBrief Description: NetCruiser Web Server could reveal directory\n path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: NetCruiser Web Server 0.1.2.8\nVulnerability: netcruiser-server-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6468.php\n\nDate Reported: 04/24/2001\nBrief Description: Perl Web Server directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Perl Web Server 0.3 and prior\nVulnerability: perl-webserver-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6451.php\n\nDate Reported: 04/24/2001\nBrief Description: Small HTTP Server /aux denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Small HTTP Server 2.03\nVulnerability: small-http-aux-dos\nX-Force URL: http://xforce.iss.net/static/6446.php\n\nDate Reported: 04/24/2001\nBrief Description: IPSwitch IMail SMTP daemon mailing list handler\n buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: IPSwitch Imail 6.06 and earlier\nVulnerability: ipswitch-imail-smtp-bo\nX-Force URL: http://xforce.iss.net/static/6445.php\n\nDate Reported: 04/25/2001\nBrief Description: MIT Kerberos 5 could allow attacker to gain root\n access by injecting base64-encoded data\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: MIT Kerberos 5\nVulnerability: kerberos-inject-base64-encode\nX-Force URL: http://xforce.iss.net/static/6454.php\n\nDate Reported: 04/26/2001\nBrief Description: IRIX netprint -n allows attacker to access\n shared library\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: IRIX 6.x\nVulnerability: irix-netprint-shared-library\nX-Force URL: http://xforce.iss.net/static/6473.php\n\nDate Reported: 04/26/2001\nBrief Description: WebXQ \"dot dot\" directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Windows, WebXQ 2.1.204\nVulnerability: webxq-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6466.php\n\nDate Reported: 04/26/2001\nBrief Description: RaidenFTPD \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability: raidenftpd-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6455.php\n\nDate Reported: 04/27/2001\nBrief Description: PerlCal CGI cal_make.pl script directory\n traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Unix, PerlCal 2.95 and prior\nVulnerability: perlcal-calmake-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6480.php\n\nDate Reported: 04/28/2001\nBrief Description: ICQ Web Front plugin denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability: icq-webfront-dos\nX-Force URL: http://xforce.iss.net/static/6474.php\n\nDate Reported: 04/28/2001\nBrief Description: Alex FTP Server \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Alex\u0027s FTP Server 0.7\nVulnerability: alex-ftp-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6475.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver FTP path disclosure\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-ftp-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6477.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver Web server \"dot dot\" directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-web-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6476.php\n\nDate Reported: 04/29/2001\nBrief Description: Winamp AIP buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Winamp 2.6x and 2.7x\nVulnerability: winamp-aip-bo\nX-Force URL: http://xforce.iss.net/static/6479.php\n\nDate Reported: 04/29/2001\nBrief Description: BearShare \"dot dot\" allows remote attacker to traverse\n directories and download any file\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows\n 98, Windows ME\nVulnerability: bearshare-dot-download-files\nX-Force URL: http://xforce.iss.net/static/6481.php\n\nDate Reported: 05/01/2001\nBrief Description: IIS 5.0 ISAPI extension buffer overflow\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000\n Advanced Server, Windows 2000 Datacenter Server\nVulnerability: iis-isapi-bo\nX-Force URL: http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business. With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies. Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East. For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD\nJ/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO\nrbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y\nOAtrNiOkj7o=\n=kYl+\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0494"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "VULHUB",
"id": "VHN-3312"
},
{
"db": "PACKETSTORM",
"id": "24836"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "OSVDB",
"id": "5610",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2001-0494",
"trust": 1.7
},
{
"db": "BID",
"id": "2636",
"trust": 1.1
},
{
"db": "XF",
"id": "6347",
"trust": 0.9
},
{
"db": "XF",
"id": "6351",
"trust": 0.9
},
{
"db": "XF",
"id": "6350",
"trust": 0.9
},
{
"db": "XF",
"id": "6423",
"trust": 0.9
},
{
"db": "BID",
"id": "2565",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#601312",
"trust": 0.8
},
{
"db": "BID",
"id": "2598",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#642760",
"trust": 0.8
},
{
"db": "BID",
"id": "2599",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#555464",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#310816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136",
"trust": 0.7
},
{
"db": "XF",
"id": "6445",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010424 IPSWITCH IMAIL 6.06 SMTP REMOTE SYSTEM ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3312",
"trust": 0.1
},
{
"db": "XF",
"id": "6382",
"trust": 0.1
},
{
"db": "XF",
"id": "6475",
"trust": 0.1
},
{
"db": "XF",
"id": "6343",
"trust": 0.1
},
{
"db": "XF",
"id": "6386",
"trust": 0.1
},
{
"db": "XF",
"id": "6328",
"trust": 0.1
},
{
"db": "XF",
"id": "6333",
"trust": 0.1
},
{
"db": "XF",
"id": "6334",
"trust": 0.1
},
{
"db": "XF",
"id": "6376",
"trust": 0.1
},
{
"db": "XF",
"id": "6345",
"trust": 0.1
},
{
"db": "XF",
"id": "6422",
"trust": 0.1
},
{
"db": "XF",
"id": "6322",
"trust": 0.1
},
{
"db": "XF",
"id": "6378",
"trust": 0.1
},
{
"db": "XF",
"id": "6342",
"trust": 0.1
},
{
"db": "XF",
"id": "6453",
"trust": 0.1
},
{
"db": "XF",
"id": "6405",
"trust": 0.1
},
{
"db": "XF",
"id": "6321",
"trust": 0.1
},
{
"db": "XF",
"id": "6377",
"trust": 0.1
},
{
"db": "XF",
"id": "6428",
"trust": 0.1
},
{
"db": "XF",
"id": "6450",
"trust": 0.1
},
{
"db": "XF",
"id": "6332",
"trust": 0.1
},
{
"db": "XF",
"id": "6410",
"trust": 0.1
},
{
"db": "XF",
"id": "6478",
"trust": 0.1
},
{
"db": "XF",
"id": "6359",
"trust": 0.1
},
{
"db": "XF",
"id": "6485",
"trust": 0.1
},
{
"db": "XF",
"id": "6414",
"trust": 0.1
},
{
"db": "XF",
"id": "6371",
"trust": 0.1
},
{
"db": "XF",
"id": "6477",
"trust": 0.1
},
{
"db": "XF",
"id": "6395",
"trust": 0.1
},
{
"db": "XF",
"id": "6394",
"trust": 0.1
},
{
"db": "XF",
"id": "6353",
"trust": 0.1
},
{
"db": "XF",
"id": "6466",
"trust": 0.1
},
{
"db": "XF",
"id": "6481",
"trust": 0.1
},
{
"db": "XF",
"id": "6329",
"trust": 0.1
},
{
"db": "XF",
"id": "6372",
"trust": 0.1
},
{
"db": "XF",
"id": "6348",
"trust": 0.1
},
{
"db": "XF",
"id": "6437",
"trust": 0.1
},
{
"db": "XF",
"id": "6367",
"trust": 0.1
},
{
"db": "XF",
"id": "6411",
"trust": 0.1
},
{
"db": "XF",
"id": "6452",
"trust": 0.1
},
{
"db": "XF",
"id": "6354",
"trust": 0.1
},
{
"db": "XF",
"id": "6344",
"trust": 0.1
},
{
"db": "XF",
"id": "6356",
"trust": 0.1
},
{
"db": "XF",
"id": "6420",
"trust": 0.1
},
{
"db": "XF",
"id": "6424",
"trust": 0.1
},
{
"db": "XF",
"id": "6365",
"trust": 0.1
},
{
"db": "XF",
"id": "6415",
"trust": 0.1
},
{
"db": "XF",
"id": "6416",
"trust": 0.1
},
{
"db": "XF",
"id": "6412",
"trust": 0.1
},
{
"db": "XF",
"id": "6391",
"trust": 0.1
},
{
"db": "XF",
"id": "6447",
"trust": 0.1
},
{
"db": "XF",
"id": "6362",
"trust": 0.1
},
{
"db": "XF",
"id": "6408",
"trust": 0.1
},
{
"db": "XF",
"id": "6331",
"trust": 0.1
},
{
"db": "XF",
"id": "6431",
"trust": 0.1
},
{
"db": "XF",
"id": "6479",
"trust": 0.1
},
{
"db": "XF",
"id": "6429",
"trust": 0.1
},
{
"db": "XF",
"id": "6392",
"trust": 0.1
},
{
"db": "XF",
"id": "6396",
"trust": 0.1
},
{
"db": "XF",
"id": "6480",
"trust": 0.1
},
{
"db": "XF",
"id": "6468",
"trust": 0.1
},
{
"db": "XF",
"id": "6366",
"trust": 0.1
},
{
"db": "XF",
"id": "6327",
"trust": 0.1
},
{
"db": "XF",
"id": "6474",
"trust": 0.1
},
{
"db": "XF",
"id": "6319",
"trust": 0.1
},
{
"db": "XF",
"id": "6403",
"trust": 0.1
},
{
"db": "XF",
"id": "6413",
"trust": 0.1
},
{
"db": "XF",
"id": "6388",
"trust": 0.1
},
{
"db": "XF",
"id": "6363",
"trust": 0.1
},
{
"db": "XF",
"id": "6454",
"trust": 0.1
},
{
"db": "XF",
"id": "6364",
"trust": 0.1
},
{
"db": "XF",
"id": "6400",
"trust": 0.1
},
{
"db": "XF",
"id": "6339",
"trust": 0.1
},
{
"db": "XF",
"id": "6455",
"trust": 0.1
},
{
"db": "XF",
"id": "6341",
"trust": 0.1
},
{
"db": "XF",
"id": "6318",
"trust": 0.1
},
{
"db": "XF",
"id": "6436",
"trust": 0.1
},
{
"db": "XF",
"id": "6448",
"trust": 0.1
},
{
"db": "XF",
"id": "6320",
"trust": 0.1
},
{
"db": "XF",
"id": "6385",
"trust": 0.1
},
{
"db": "XF",
"id": "6379",
"trust": 0.1
},
{
"db": "XF",
"id": "6402",
"trust": 0.1
},
{
"db": "XF",
"id": "6426",
"trust": 0.1
},
{
"db": "XF",
"id": "6323",
"trust": 0.1
},
{
"db": "XF",
"id": "6369",
"trust": 0.1
},
{
"db": "XF",
"id": "6336",
"trust": 0.1
},
{
"db": "XF",
"id": "6427",
"trust": 0.1
},
{
"db": "XF",
"id": "6446",
"trust": 0.1
},
{
"db": "XF",
"id": "6349",
"trust": 0.1
},
{
"db": "XF",
"id": "6368",
"trust": 0.1
},
{
"db": "XF",
"id": "6389",
"trust": 0.1
},
{
"db": "XF",
"id": "6357",
"trust": 0.1
},
{
"db": "XF",
"id": "6476",
"trust": 0.1
},
{
"db": "XF",
"id": "6401",
"trust": 0.1
},
{
"db": "XF",
"id": "6326",
"trust": 0.1
},
{
"db": "XF",
"id": "6340",
"trust": 0.1
},
{
"db": "XF",
"id": "6337",
"trust": 0.1
},
{
"db": "XF",
"id": "6473",
"trust": 0.1
},
{
"db": "XF",
"id": "6375",
"trust": 0.1
},
{
"db": "XF",
"id": "6409",
"trust": 0.1
},
{
"db": "XF",
"id": "6390",
"trust": 0.1
},
{
"db": "XF",
"id": "6335",
"trust": 0.1
},
{
"db": "XF",
"id": "6393",
"trust": 0.1
},
{
"db": "XF",
"id": "6324",
"trust": 0.1
},
{
"db": "XF",
"id": "6404",
"trust": 0.1
},
{
"db": "XF",
"id": "6360",
"trust": 0.1
},
{
"db": "XF",
"id": "6398",
"trust": 0.1
},
{
"db": "XF",
"id": "6430",
"trust": 0.1
},
{
"db": "XF",
"id": "6406",
"trust": 0.1
},
{
"db": "XF",
"id": "6444",
"trust": 0.1
},
{
"db": "XF",
"id": "6330",
"trust": 0.1
},
{
"db": "XF",
"id": "6355",
"trust": 0.1
},
{
"db": "XF",
"id": "6407",
"trust": 0.1
},
{
"db": "XF",
"id": "6374",
"trust": 0.1
},
{
"db": "XF",
"id": "6383",
"trust": 0.1
},
{
"db": "XF",
"id": "6451",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "24836",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-3312"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"id": "VAR-200106-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3312"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:31:18.052000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/advisories/3208"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html"
},
{
"trust": 1.7,
"url": "http://ipswitch.com/support/imail/news.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5610"
},
{
"trust": 1.6,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6347.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6351.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6350.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6423.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2565"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2598"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2599"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2636"
},
{
"trust": 0.8,
"url": "http://www.ritlabs.com/the_bat/index.html"
},
{
"trust": 0.8,
"url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
},
{
"trust": 0.7,
"url": "http://xforce.iss.net/static/6445.php"
},
{
"trust": 0.3,
"url": "http://www.thebat.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6323.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6330.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6392.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6444.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6455.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6468.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6452.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6327.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6395.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6485.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6402.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6362.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6366.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6336.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6451.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6334.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6406.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6427.php"
},
{
"trust": 0.1,
"url": "https://www.iss.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6343.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6326.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6319.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6344.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6398.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6428.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6353.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6356.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6390.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6450.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6446.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6368.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6332.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6359.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6376.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6354.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6378.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6374.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6394.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6383.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6411.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6414.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6481.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6349.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6365.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6382.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6403.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6324.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6329.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6437.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6388.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6415.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6424.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6342.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6337.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6357.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6348.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6407.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6379.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6389.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6436.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6466.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6412.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6448.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6400.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6318.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6478.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6454.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6372.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6420.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6335.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6345.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6479.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6355.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6321.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6364.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6476.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6393.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6391.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6341.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6371.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6429.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6369.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6405.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6431.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6422.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6410.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6360.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6401.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6413.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6474.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6477.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6385.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6473.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6328.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6377.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6416.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6339.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6367.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6453.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6375.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/maillists/index.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6475.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6430.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6340.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6396.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6426.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6331.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6386.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/sensitive.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6333.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6480.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6409.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6447.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6404.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6320.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6408.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6322.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6363.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-3312"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "VULHUB",
"id": "VHN-3312"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#642760"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-06-01T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2001-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-3312"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2001-05-16T01:07:09",
"db": "PACKETSTORM",
"id": "24836"
},
{
"date": "2001-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"date": "2001-06-27T04:00:00",
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#642760"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-08-30T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3312"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-136"
},
{
"date": "2017-10-10T01:29:45.267000",
"db": "NVD",
"id": "CVE-2001-0494"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lotus Domino vulnerable to DoS via crafted HTTP header requests",
"sources": [
{
"db": "CERT/CC",
"id": "VU#601312"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-136"
}
],
"trust": 0.6
}
}
VAR-200411-0057
Vulnerability from variot - Updated: 2024-06-02 22:51Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. Ipswitch, Inc. of Ipswitch Imail Exists in unspecified vulnerabilities.None. The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists due to a lack of sufficient boundary checks performed on user supplied LDAP tags. When attacker-supplied data containing large LDAP tags is processed by the affected service, a stack based buffer overflow condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security context of the affected service. Ipswitch IMail server is a WEB-based mail solution. The Ipswitch LDAP daemon does not adequately check user-supplied LDAP tokens. The LDAP message is composed of the length and content of the tag. The following tags 0x02 0x03 0x0A 0x25 0xBD represent integers 665, 501 (0xA25BD). If the length tag provided by the attacker is too long, the data provided by the user will be copied according to the tag length when the program is processed. Lack of sufficient bounds checks, may overwrite the memory address in the stack due to the following assembly specification: .text: 00401188 mov byte ptr [ebp+ecx+var_4], dl Carefully submitted copy data may be executed on the system with LDAP daemon process privileges Arbitrary instructions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200411-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 2.7,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 2.7,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "BID",
"id": "9682"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE Labs\u203b labs@idefense.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-0297",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-8727",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0297",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#972334",
"trust": 0.8,
"value": "38.48"
},
{
"author": "CNNVD",
"id": "CNNVD-200411-149",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-8727",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "VULHUB",
"id": "VHN-8727"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. Ipswitch, Inc. of Ipswitch Imail Exists in unspecified vulnerabilities.None. The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists due to a lack of sufficient boundary checks performed on user supplied LDAP tags. When attacker-supplied data containing large LDAP tags is processed by the affected service, a stack based buffer overflow condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security context of the affected service. Ipswitch IMail server is a WEB-based mail solution. The Ipswitch LDAP daemon does not adequately check user-supplied LDAP tokens. The LDAP message is composed of the length and content of the tag. The following tags 0x02 0x03 0x0A 0x25 0xBD represent integers 665, 501 (0xA25BD). If the length tag provided by the attacker is too long, the data provided by the user will be copied according to the tag length when the program is processed. Lack of sufficient bounds checks, may overwrite the memory address in the stack due to the following assembly specification: .text: 00401188 mov byte ptr [ebp+ecx+var_4], dl Carefully submitted copy data may be executed on the system with LDAP daemon process privileges Arbitrary instructions",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0297"
},
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "BID",
"id": "9682"
},
{
"db": "VULHUB",
"id": "VHN-8727"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8727",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8727"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#972334",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2004-0297",
"trust": 3.3
},
{
"db": "BID",
"id": "9682",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "3984",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "10880",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20040217 IPSWITCH IMAIL LDAP DAEMON REMOTE BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "15243",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-71326",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83017",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "157",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16824",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-8727",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "VULHUB",
"id": "VHN-8727"
},
{
"db": "BID",
"id": "9682"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"id": "VAR-200411-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8727"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-02T22:51:08.976000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9682"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/972334"
},
{
"trust": 2.5,
"url": "http://www.idefense.com/application/poi/display?id=74"
},
{
"trust": 1.9,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15243"
},
{
"trust": 1.7,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im805hf2.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/3984"
},
{
"trust": 0.8,
"url": "http://www.idefense.com/application/poi/display?id=74\u0026type=vulnerabilities"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/10880/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0297"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15243"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/354237"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "VULHUB",
"id": "VHN-8727"
},
{
"db": "BID",
"id": "9682"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#972334"
},
{
"db": "VULHUB",
"id": "VHN-8727"
},
{
"db": "BID",
"id": "9682"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-02-23T00:00:00",
"db": "CERT/CC",
"id": "VU#972334"
},
{
"date": "2004-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-8727"
},
{
"date": "2004-02-17T00:00:00",
"db": "BID",
"id": "9682"
},
{
"date": "2024-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"date": "2004-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"date": "2004-11-23T05:00:00",
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#972334"
},
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-8727"
},
{
"date": "2004-02-17T00:00:00",
"db": "BID",
"id": "9682"
},
{
"date": "2024-05-31T10:31:00",
"db": "JVNDB",
"id": "JVNDB-2004-000790"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-149"
},
{
"date": "2017-10-10T01:30:19.640000",
"db": "NVD",
"id": "CVE-2004-0297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail Server LDAP daemon buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#972334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-149"
}
],
"trust": 0.6
}
}
VAR-200507-0067
Vulnerability from variot - Updated: 2024-02-13 23:00IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. IMail is prone to a information disclosure vulnerability. IMAIL is an email system including WebMail
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "2006"
}
],
"sources": [
{
"db": "BID",
"id": "89792"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89792"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13369",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13369",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13369"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. IMail is prone to a information disclosure vulnerability. IMAIL is an email system including WebMail",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2160"
},
{
"db": "BID",
"id": "89792"
},
{
"db": "VULHUB",
"id": "VHN-13369"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2160",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050705 IMAIL COOKIE VULNERABILITY (UNHASHED)",
"trust": 0.6
},
{
"db": "BID",
"id": "89792",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-13369",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13369"
},
{
"db": "BID",
"id": "89792"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"id": "VAR-200507-0067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13369"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T23:00:46.128000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=112060187204457\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112060187204457\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=112060187204457\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13369"
},
{
"db": "BID",
"id": "89792"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13369"
},
{
"db": "BID",
"id": "89792"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-13369"
},
{
"date": "2005-07-06T00:00:00",
"db": "BID",
"id": "89792"
},
{
"date": "2005-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"date": "2005-07-06T04:00:00",
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-13369"
},
{
"date": "2005-07-06T00:00:00",
"db": "BID",
"id": "89792"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-061"
},
{
"date": "2024-02-13T16:19:26",
"db": "NVD",
"id": "CVE-2005-2160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch Imail cookie Information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-061"
}
],
"trust": 0.6
}
}
VAR-200208-0143
Vulnerability from variot - Updated: 2023-12-18 14:07Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. Ipswitch IMail is an e-mail server that serves clients their mail via a web interface. It runs on Microsoft Windows operating systems. IMail normally runs in the SYSTEM context, meaning that successful exploitation will result in a full compromise of the underlying system. It should be noted that this condition may also be exploited to trigger a denial of service. The Ipswitch IMail service program includes multiple components including LDAP service, which allows remote clients to read the IMail directory, and there is a loophole in the authentication process that allows remote attackers to access the server with the authority of the SYSTEM account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "4780"
},
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0777"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave Ahmad\u203b da@securityfocus.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0777",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0777",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-106",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5168",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5168"
},
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter. Ipswitch IMail is an e-mail server that serves clients their mail via a web interface. It runs on Microsoft Windows operating systems. \nIMail normally runs in the SYSTEM context, meaning that successful exploitation will result in a full compromise of the underlying system. \nIt should be noted that this condition may also be exploited to trigger a denial of service. The Ipswitch IMail service program includes multiple components including LDAP service, which allows remote clients to read the IMail directory, and there is a loophole in the authentication process that allows remote attackers to access the server with the authority of the SYSTEM account",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "BID",
"id": "4780"
},
{
"db": "VULHUB",
"id": "VHN-5168"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4780",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0777",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020520 FOUNDSTONE ADVISORY - BUFFER OVERFLOW IN IPSWITCH IMAIL 7.1 AND PRIOR (FWD)",
"trust": 0.6
},
{
"db": "XF",
"id": "9116",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5168",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5168"
},
{
"db": "BID",
"id": "4780"
},
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"id": "VAR-200208-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5168"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:07:04.872000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0777"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4780"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9116.php"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/support/imail/patch-upgrades.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5168"
},
{
"db": "BID",
"id": "4780"
},
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5168"
},
{
"db": "BID",
"id": "4780"
},
{
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5168"
},
{
"date": "2002-05-20T00:00:00",
"db": "BID",
"id": "4780"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"date": "2002-05-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5168"
},
{
"date": "2002-05-20T00:00:00",
"db": "BID",
"id": "4780"
},
{
"date": "2008-09-05T20:28:55.350000",
"db": "NVD",
"id": "CVE-2002-0777"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Server LDAP Remote buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "4780"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-106"
}
],
"trust": 0.9
}
}
VAR-200505-0002
Vulnerability from variot - Updated: 2023-12-18 14:02Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. IMail is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.9,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "87973"
},
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87973"
}
],
"trust": 0.3
},
"cve": "CVE-1999-1557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-1538",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-1557",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-655",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-1538",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1538"
},
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. IMail is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "BID",
"id": "87973"
},
{
"db": "VULHUB",
"id": "VHN-1538"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1538",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1538"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-1557",
"trust": 2.0
},
{
"db": "XF",
"id": "1895",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "19990301 MULTIPLE IMAIL VULNERABILITES",
"trust": 0.6
},
{
"db": "BID",
"id": "87973",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "19377",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1538",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1538"
},
{
"db": "BID",
"id": "87973"
},
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"id": "VAR-200505-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1538"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:02:50.217000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1895"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=92038879607336\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92038879607336\u0026w=2"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/1895.php"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=92038879607336\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1538"
},
{
"db": "BID",
"id": "87973"
},
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1538"
},
{
"db": "BID",
"id": "87973"
},
{
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-1538"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "87973"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-1538"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "87973"
},
{
"date": "2017-12-19T02:29:10.487000",
"db": "NVD",
"id": "CVE-1999-1557"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-655"
}
],
"trust": 0.6
}
}
VAR-200011-0041
Vulnerability from variot - Updated: 2023-12-18 13:58Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 or 8383. Sending an HTTP request with an extremely long "HOST" field multiple times can cause the system hosting the service to become unresponsive. Each long request "kills" a thread without freeing up the memory used by it. By repeating this request, the system's resources can be used up completely. Ipswitch Imail 6.0 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200011-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.00"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "2011"
},
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0825"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was revealed in an eEye advisory (#AD20000817) dated August 17, 2000.",
"sources": [
{
"db": "BID",
"id": "2011"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-2395",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0825",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200011-049",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-2395",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2395"
},
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. IPSwitch IMail is an e-mail server which provides WWW (HTTP) E-mail services. By default this web service resides on port 8181 or 8383. Sending an HTTP request with an extremely long \"HOST\" field multiple times can cause the system hosting the service to become unresponsive. Each long request \"kills\" a thread without freeing up the memory used by it. By repeating this request, the system\u0027s resources can be used up completely. Ipswitch Imail 6.0 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "BID",
"id": "2011"
},
{
"db": "VULHUB",
"id": "VHN-2395"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2011",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0825",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2",
"trust": 0.6
},
{
"db": "XF",
"id": "5475",
"trust": 0.6
},
{
"db": "NTBUGTRAQ",
"id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2",
"trust": 0.6
},
{
"db": "WIN2KSEC",
"id": "20000817 IMAIL WEB SERVICE REMOTE DOS ATTACK V.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-2395",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2395"
},
{
"db": "BID",
"id": "2011"
},
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"id": "VAR-200011-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-2395"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:58:47.184000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2011"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=96659012127444\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=ntbugtraq\u0026m=96654521004571\u0026w=2"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5475"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/5475.php"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=ntbugtraq\u0026m=96654521004571\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=96659012127444\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/support/imail/patch-upgrades.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2395"
},
{
"db": "BID",
"id": "2011"
},
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-2395"
},
{
"db": "BID",
"id": "2011"
},
{
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-2395"
},
{
"date": "2000-08-17T00:00:00",
"db": "BID",
"id": "2011"
},
{
"date": "2000-11-14T05:00:00",
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"date": "2000-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-2395"
},
{
"date": "2000-08-17T00:00:00",
"db": "BID",
"id": "2011"
},
{
"date": "2017-10-10T01:29:19.077000",
"db": "NVD",
"id": "CVE-2000-0825"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Web service\" HOST Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "2011"
},
{
"db": "CNNVD",
"id": "CNNVD-200011-049"
}
],
"trust": 0.9
}
}
VAR-200010-0032
Vulnerability from variot - Updated: 2023-12-18 13:54The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383 for it's end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation however resulting in users being able to attach files resident on the server. The net result of this is users may attach files on the server to which they should have no access. This access is limited to the user privileges which the server is being run as, typically SYSTEM. It should be noted that once a user attachs the files in question the server deletes them
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200010-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "1617"
},
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was discovered and reported by Timescape \u003cvellad@kattare.com\u003e.\n\n This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp@securi",
"sources": [
{
"db": "BID",
"id": "1617"
}
],
"trust": 0.3
},
"cve": "CVE-2000-0780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-2357",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0780",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200010-093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-2357",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2357"
},
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. IPSWITCH ships a product titled IMail, an email server for usage on NT servers serving clients their mail via a web interface. To this end the IMail server provides a web server typically running on port 8383 for it\u0027s end users to access. Via this interface users may read and send mail, as well as mail with file attachments. Certain versions of IMail do not perform proper access validation however resulting in users being able to attach files resident on the server. The net result of this is users may attach files on the server to which they should have no access. This access is limited to the user privileges which the server is being run as, typically SYSTEM. \nIt should be noted that once a user attachs the files in question the server deletes them",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "BID",
"id": "1617"
},
{
"db": "VULHUB",
"id": "VHN-2357"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-2357",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2357"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1617",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0780",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000830 VULNERABILITY REPORT ON IPSWITCH\u0027S IMAIL",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "20182",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-74070",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-2357",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2357"
},
{
"db": "BID",
"id": "1617"
},
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"id": "VAR-200010-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-2357"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:54:27.235000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/1617"
},
{
"trust": 1.7,
"url": "http://www.ipswitch.com/support/imail/news.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=96767207207553\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=96767207207553\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2357"
},
{
"db": "BID",
"id": "1617"
},
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-2357"
},
{
"db": "BID",
"id": "1617"
},
{
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-2357"
},
{
"date": "2000-08-30T00:00:00",
"db": "BID",
"id": "1617"
},
{
"date": "2000-10-20T04:00:00",
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"date": "2000-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-2357"
},
{
"date": "2000-08-30T00:00:00",
"db": "BID",
"id": "1617"
},
{
"date": "2016-10-18T02:07:29.647000",
"db": "NVD",
"id": "CVE-2000-0780"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSWITCH IMail web Server vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200010-093"
}
],
"trust": 0.6
}
}
VAR-200210-0230
Vulnerability from variot - Updated: 2023-12-18 13:54IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. It has been reported that such a transaction with the service results in a crash of the iwebcal service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "5365"
},
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1077"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovery credited to \u003c2c79cbe14ac7d0b8472d3f129fa1df55@hush.com\u003e.",
"sources": [
{
"db": "BID",
"id": "5365"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
],
"trust": 0.9
},
"cve": "CVE-2002-1077",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5465",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1077",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5465",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5465"
},
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. It has been reported that such a transaction with the service results in a crash of the iwebcal service",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "BID",
"id": "5365"
},
{
"db": "VULHUB",
"id": "VHN-5465"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5465",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5465"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5365",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1077",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198",
"trust": 0.7
},
{
"db": "XF",
"id": "9722",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020730 IPSWITCH IMAIL ADVISORY #2",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21673",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75496",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5465",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5465"
},
{
"db": "BID",
"id": "5365"
},
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"id": "VAR-200210-0230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5465"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:54:24.848000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1077"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5365"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9722.php"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/support/imail/patch-upgrades.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5465"
},
{
"db": "BID",
"id": "5365"
},
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5465"
},
{
"db": "BID",
"id": "5365"
},
{
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5465"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5365"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"date": "2002-10-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5465"
},
{
"date": "2009-07-11T14:56:00",
"db": "BID",
"id": "5365"
},
{
"date": "2008-09-05T20:29:43.113000",
"db": "NVD",
"id": "CVE-2002-1077"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail Web Calendar Incomplete Mail Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5365"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-198"
}
],
"trust": 0.9
}
}
VAR-199912-0146
Vulnerability from variot - Updated: 2023-12-18 13:50Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover's post to Bugtraq, linked to in full in the Credits section. ENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it's ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character's new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. Example: Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Unencrypted Password: rocks r = 114 o = 111 c = 99 k = 107 s = 115 (ASCII value + offset) - difference: offset: (109 - 97) = 12 (114 + 12) - 0 = 126 (111 + 12) - 4 = 119 (99 + 12) - 2 = 109 (107 + 12) - 8 = 111 (115 + 12) - 0 = 127 126 = DF 119 = D8 109 = CE 111 = D0 127 = E0 Encrypted Password: DFD8CED0E0 The decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to 'a'. EXAMPLE Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Encrypted Password: DFD8CED0E0 DF = 126 D8 = 119 CE = 109 D0 = 111 E0 = 127 Add Difference: 126 + 0 = 126 119 + 4 = 123 109 + 2 = 111 111 + 8 = 119 127 + 0 = 127 Look up in table (see http://www.w00w00.org/imail_map.txt): 126 = r 123 = o 111 = c 119 = k 127 = s Unencrypted Password: rocks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199912-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted to Bugtraq on December 21, 1999 by Matt Conover \u003cshok@cannabis.dataforce.net\u003e.",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"cve": "CVE-1999-1497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-1478",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-1497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199912-063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-1478",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover\u0027s post to Bugtraq, linked to in full in the Credits section. \nENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it\u0027s ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character\u0027s new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. \nExample:\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nUnencrypted Password: rocks\nr = 114\no = 111\nc = 99\nk = 107\ns = 115\n(ASCII value + offset) - difference:\noffset: (109 - 97) = 12\n(114 + 12) - 0 = 126\n(111 + 12) - 4 = 119\n(99 + 12) - 2 = 109\n(107 + 12) - 8 = 111\n(115 + 12) - 0 = 127\n126 = DF\n119 = D8\n109 = CE\n111 = D0\n127 = E0\nEncrypted Password: DFD8CED0E0\nThe decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to \u0027a\u0027. \nEXAMPLE\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nEncrypted Password: DFD8CED0E0\nDF = 126\nD8 = 119\nCE = 109\nD0 = 111\nE0 = 127\nAdd Difference:\n126 + 0 = 126\n119 + 4 = 123\n109 + 2 = 111\n111 + 8 = 119\n127 + 0 = 127\nLook up in table (see http://www.w00w00.org/imail_map.txt):\n126 = r\n123 = o\n111 = c\n119 = k\n127 = s\nUnencrypted Password: rocks",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "BID",
"id": "880"
},
{
"db": "VULHUB",
"id": "VHN-1478"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1478",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-1497",
"trust": 2.0
},
{
"db": "BID",
"id": "880",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "19991221 [W00GIVING \u002799 #11] IMAIL\u0027S PASSWORD ENCRYPTION SCHEME",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "401",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19683",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1478",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"id": "VAR-199912-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:50:10.553000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/880"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/39329"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-1478"
},
{
"date": "1999-12-19T00:00:00",
"db": "BID",
"id": "880"
},
{
"date": "1999-12-21T05:00:00",
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"date": "1999-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-1478"
},
{
"date": "2009-07-11T01:56:00",
"db": "BID",
"id": "880"
},
{
"date": "2008-09-05T20:19:39.990000",
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"date": "2007-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail Weak Password Encryption Vulnerability",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
}
}
VAR-200001-0034
Vulnerability from variot - Updated: 2023-12-18 13:45IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web pafge to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of "Invalid Memory Address". There is a vulnerability in the IMail IMONITOR status.cgi CGI script
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200001-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.8"
}
],
"sources": [
{
"db": "BID",
"id": "914"
},
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0056"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered and publicized by USSR Labs on January 5, 1999",
"sources": [
{
"db": "BID",
"id": "914"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-1635",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200001-019",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-1635",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1635"
},
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is used to determine which services are currently running and create a web pafge to report this information. Multiple simultaneous requests for status.cgi will cause the software to crash, with a Dr. Watson error of \"Invalid Memory Address\". There is a vulnerability in the IMail IMONITOR status.cgi CGI script",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "BID",
"id": "914"
},
{
"db": "VULHUB",
"id": "VHN-1635"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1635",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1635"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "914",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0056",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-73627",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19711",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1635",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1635"
},
{
"db": "BID",
"id": "914"
},
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"id": "VAR-200001-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1635"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:45:40.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/914"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1635"
},
{
"db": "BID",
"id": "914"
},
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1635"
},
{
"db": "BID",
"id": "914"
},
{
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-1635"
},
{
"date": "2000-01-05T00:00:00",
"db": "BID",
"id": "914"
},
{
"date": "2000-01-05T05:00:00",
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"date": "2000-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-1635"
},
{
"date": "2000-01-05T00:00:00",
"db": "BID",
"id": "914"
},
{
"date": "2008-09-10T19:02:41.290000",
"db": "NVD",
"id": "CVE-2000-0056"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail IMonitor status.cgi DoS Vulnerability",
"sources": [
{
"db": "BID",
"id": "914"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "914"
},
{
"db": "CNNVD",
"id": "CNNVD-200001-019"
}
],
"trust": 0.9
}
}
VAR-200210-0229
Vulnerability from variot - Updated: 2023-12-18 13:41Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. The web messaging server is vulnerable to a buffer overflow. When the server receives a request for HTTP version 1.0, and the total request is 96 bytes or greater, a buffer overflow occurs. This could result in the execution of attacker-supplied instructions, and potentially allow an attacker to gain local access. ** Ipswitch has reported they are unable to reproduce this issue. In addition, Ipswitch has stated that the supplied, third party patch may in fact open additional vulnerabilities in the product. Ipswitch suggests that users do not apply the supplied patch. IMail's Web Messaging daemon lacks proper checks for parameters when processing HTTP/1.0 GET requests. Remote attackers can exploit this vulnerability to perform buffer overflow attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
}
],
"sources": [
{
"db": "BID",
"id": "5323"
},
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1076"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "2c79cbe14ac7d0b8472d3f129fa1df\u203b c79cbe14ac7d0b8472d3f129fa1df55@yahoo.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1076",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5464",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1076",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5464",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5464"
},
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. \nThe web messaging server is vulnerable to a buffer overflow. When the server receives a request for HTTP version 1.0, and the total request is 96 bytes or greater, a buffer overflow occurs. This could result in the execution of attacker-supplied instructions, and potentially allow an attacker to gain local access. \n** Ipswitch has reported they are unable to reproduce this issue. In addition, Ipswitch has stated that the supplied, third party patch may in fact open additional vulnerabilities in the product. Ipswitch suggests that users do not apply the supplied patch. IMail\u0027s Web Messaging daemon lacks proper checks for parameters when processing HTTP/1.0 GET requests. Remote attackers can exploit this vulnerability to perform buffer overflow attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "BID",
"id": "5323"
},
{
"db": "VULHUB",
"id": "VHN-5464"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5464",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5464"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5323",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1076",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020725 IPSWITCH IMAIL ADVISORY/EXPLOIT/PATCH",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020729 HOAX EXPLOIT",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020729 RE: HOAX EXPLOIT (2C79CBE14AC7D0B8472D3F129FA1DF55 RETURNS)",
"trust": 0.6
},
{
"db": "XF",
"id": "9679",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-75478",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "21654",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5464",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5464"
},
{
"db": "BID",
"id": "5323"
},
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"id": "VAR-200210-0229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5464"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:41:03.839000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1076"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5323"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20020729-dm01.htm"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20020731-dm02.htm"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9679.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5464"
},
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5464"
},
{
"db": "BID",
"id": "5323"
},
{
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5464"
},
{
"date": "2002-07-26T00:00:00",
"db": "BID",
"id": "5323"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"date": "2002-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5464"
},
{
"date": "2002-07-26T00:00:00",
"db": "BID",
"id": "5323"
},
{
"date": "2008-09-05T20:29:42.940000",
"db": "NVD",
"id": "CVE-2002-1076"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail Web Messaging Daemon HTTP GET Remote buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-145"
}
],
"trust": 0.6
}
}
VAR-200112-0166
Vulnerability from variot - Updated: 2023-12-18 13:35Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. IMail also includes support for multiple domains, and web based administration. It runs on Microsoft Windows platforms. There is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.1"
}
],
"sources": [
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zeeshan Mustafa\u203b security@zeeshan.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"cve": "CVE-2001-1211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1211",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-158",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. IMail also includes support for multiple domains, and web based administration. It runs on Microsoft Windows platforms. \nThere is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for ",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "VULHUB",
"id": "VHN-4016"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3766",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-1211",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158",
"trust": 0.7
},
{
"db": "XF",
"id": "7752",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20011231 IMAIL WEB SERVICE USER ALIASES / MAILING LISTS ADMIN VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"id": "VAR-200112-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:54.226000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3766"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/247786"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20011219-dm01.htm"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20020301-dm02.htm"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7752.php"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-4016"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "3766"
},
{
"date": "2001-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"date": "2001-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-4016"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "3766"
},
{
"date": "2008-09-05T20:25:58.093000",
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Domain Management Authority Boost Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
}
}
VAR-200412-1061
Vulnerability from variot - Updated: 2023-12-18 13:35Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
}
],
"sources": [
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jerome\u203b jerome@athias.fr",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-9950",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1520",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-722",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9950",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. \nIpswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "VULHUB",
"id": "VHN-9950"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9950",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11675",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1520",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "13200",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722",
"trust": 0.7
},
{
"db": "XF",
"id": "18058",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "7108",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20041112 IPSWITCH-IMAIL-8.13 STACK OVERFLOW IN THE DELETE COMMAND",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-70993",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70991",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16479",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "627",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82989",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9950",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"id": "VAR-200412-1061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:45.281000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11675"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13200"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18058"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110037283803560\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18058"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110037283803560\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/7108"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im814.html"
},
{
"trust": 0.3,
"url": "/archive/1/381027"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110037283803560\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9950"
},
{
"db": "BID",
"id": "11675"
},
{
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9950"
},
{
"date": "2004-11-13T00:00:00",
"db": "BID",
"id": "11675"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"date": "2004-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9950"
},
{
"date": "2004-11-13T00:00:00",
"db": "BID",
"id": "11675"
},
{
"date": "2017-07-11T01:31:06.277000",
"db": "NVD",
"id": "CVE-2004-1520"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSwitch IMail 8.13 Remotely DELETE Command buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "11675"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-722"
}
],
"trust": 0.9
}
}
VAR-200609-0308
Vulnerability from variot - Updated: 2023-12-18 13:35Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability
SECUNIA ADVISORY ID: SA21795
VERIFY ADVISORY: http://secunia.com/advisories/21795/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/
DESCRIPTION: A vulnerability has been reported in IMail Server, which can be exploited by malicious people to compromise a vulnerable system.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006
-- CVE ID: CVE-2006-4379
-- Affected Vendor: Ipswitch
-- Affected Products: ICS/IMail Server 2006
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since August 31, 2006 by Digital Vaccine protection filter ID 4496.
-- Vendor Response: Ipswitch has issued an update, version 2006.1, to correct this vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im20061.asp
-- Disclosure Timeline: 2006.06.22 - Vulnerability reported to vendor 2006.08.31 - Digital Vaccine released to TippingPoint customers 2006.09.07 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail secure server",
"scope": "eq",
"trust": 2.7,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail plus",
"scope": "eq",
"trust": 2.4,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_standard"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_premium"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2006 suite premium and standard editions"
},
{
"model": "imail",
"scope": null,
"trust": 0.7,
"vendor": "ipswitch",
"version": null
},
{
"model": "collaboration suite standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "collaboration suite premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail plus",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"model": "collaboration suite standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"model": "collaboration suite premium edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"model": "imail server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_secure_server:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_premium:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-028"
}
],
"trust": 0.7
},
"cve": "CVE-2006-4379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4379",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-20487",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4379",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#542197",
"trust": 0.8,
"value": "12.86"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20487",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an \u0027@\u0027 character and before a \u0027:\u0027 character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters \u0027@\u0027 and \u0027:\u0027 leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. \nIpswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server SMTP Service Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21795\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21795/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nA vulnerability has been reported in IMail Server, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics20061.asp\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-028.html\nSeptember 7, 2006\n\n-- CVE ID:\nCVE-2006-4379\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nICS/IMail Server 2006\n\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since August 31, 2006 by Digital Vaccine protection\nfilter ID 4496. \n\n-- Vendor Response:\nIpswitch has issued an update, version 2006.1, to correct this\nvulnerability. More details can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n-- Disclosure Timeline:\n2006.06.22 - Vulnerability reported to vendor\n2006.08.31 - Digital Vaccine released to TippingPoint customers\n2006.09.07 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20487",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20487"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4379",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "21795",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-06-028",
"trust": 2.5
},
{
"db": "BID",
"id": "19885",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3496",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016803",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016804",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#542197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-067",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060907 ZDI-06-028: IPSWITCH COLLABORATION SUITE SMTP SERVER STACK OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "28789",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49828",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "3264",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2601",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "3265",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20487",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49786",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"id": "VAR-200609-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20487"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:33.398000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "im20061",
"trust": 1.5,
"url": "http://www.ipswitch.com/support/imail/releases/im20061.asp"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.ipswitch.com/support/imail/releases/im20061.asp"
},
{
"trust": 2.6,
"url": "http://www.ipswitch.com/support/ics/updates/ics20061.asp"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-028.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19885"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016803"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016804"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21795"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445521/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3496"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28789"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/21795/"
},
{
"trust": 0.8,
"url": "http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg108403.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4379"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4379"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3496"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28789"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445521/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8653/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8651/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8652/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4379"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-07T00:00:00",
"db": "CERT/CC",
"id": "VU#542197"
},
{
"date": "2006-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"date": "2006-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-20487"
},
{
"date": "2006-09-07T00:00:00",
"db": "BID",
"id": "19885"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"date": "2006-09-08T05:23:41",
"db": "PACKETSTORM",
"id": "49786"
},
{
"date": "2006-09-08T06:50:37",
"db": "PACKETSTORM",
"id": "49828"
},
{
"date": "2006-09-08T21:04:00",
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"date": "2006-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-07T00:00:00",
"db": "CERT/CC",
"id": "VU#542197"
},
{
"date": "2006-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20487"
},
{
"date": "2007-02-05T16:18:00",
"db": "BID",
"id": "19885"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"date": "2018-10-17T21:36:48.320000",
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Ipswitch IMail Server is vulnerable to a buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
],
"trust": 0.6
}
}
VAR-200110-0113
Vulnerability from variot - Updated: 2023-12-18 13:31Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. Due to improper bounds checking, the Web Calendaring feature of IMail could allow the execution of arbitrary code with the privileges of SYSTEM. This is achieveable by submitting a specially crafted GET request. Ipswitch IMail 7.04 and earlier versions have a buffer overflow vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200110-0113",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "6.0.2"
}
],
"sources": [
{
"db": "BID",
"id": "3431"
},
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1287"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered and posted to Bugtraq in a Defcom Labs Advisory def-2001-29 on Oct 12, 2001.",
"sources": [
{
"db": "BID",
"id": "3431"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1287",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4092",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1287",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200110-043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4092"
},
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. \nDue to improper bounds checking, the Web Calendaring feature of IMail could allow the execution of arbitrary code with the privileges of SYSTEM. This is achieveable by submitting a specially crafted GET request. Ipswitch IMail 7.04 and earlier versions have a buffer overflow vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "BID",
"id": "3431"
},
{
"db": "VULHUB",
"id": "VHN-4092"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-4092",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4092"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3431",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-1287",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20011012 DEF-2001-29",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "22458",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76260",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-4092",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4092"
},
{
"db": "BID",
"id": "3431"
},
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"id": "VAR-200110-0113",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4092"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:31:07.608000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1287"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3431"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html"
},
{
"trust": 1.7,
"url": "http://www.ipswitch.com/support/imail/news.html"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4092"
},
{
"db": "BID",
"id": "3431"
},
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4092"
},
{
"db": "BID",
"id": "3431"
},
{
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-4092"
},
{
"date": "2001-10-12T00:00:00",
"db": "BID",
"id": "3431"
},
{
"date": "2001-10-12T04:00:00",
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"date": "2001-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-4092"
},
{
"date": "2009-07-11T09:06:00",
"db": "BID",
"id": "3431"
},
{
"date": "2008-09-10T19:10:10.807000",
"db": "NVD",
"id": "CVE-2001-1287"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Web Calender Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "3431"
},
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200110-043"
}
],
"trust": 0.6
}
}
VAR-200505-0076
Vulnerability from variot - Updated: 2023-12-18 13:21Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. The Ipswitch Collaboration Suite IMail IMAP service is reported prone to a buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command. It is conjectured that a remote authenticated attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service. Immediate consequences of a failed exploit attempt would be a denial of service due to the application crashing on an access violation. IMail Server version 8.13 an earlier are reported prone to this vulnerability.
Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS
Request Trial: https://ca.secunia.com/?f=l
TITLE: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow
SECUNIA ADVISORY ID: SA14546
VERIFY ADVISORY: http://secunia.com/advisories/14546/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite (ICS) 1.x http://secunia.com/product/4773/ IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Nico Steinhardt has reported a vulnerability in Ipswitch Collaboration Suite, which can be exploited by malicious users to compromise a vulnerable system.
SOLUTION: Apply IMail Server 8.15 Hotfix 1: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe
PROVIDED AND/OR DISCOVERED BY: Nico Steinhardt
ORIGINAL ADVISORY: iDEFENSE: http://www.idefense.com/application/poi/display?id=216&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II. The EXAMINE command selects a mailbox so that messages within the mailbox may be accessed with read-only privileges. EXAMINE requests with malformed mailbox names of 259 bytes will overwrite the saved stack frame pointer, resulting in potential process execution control. It should be noted that IMAP will append a '/' character to your supplied mailbox name so the most significant byte of the frame pointer will be 0x2e. The output below shows successful control of the frame pointer.
(668.f8): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled.
eax=00000006 ebx=008943b0 ecx=42424242 edx=00c8fad4 esi=008943b0 edi=00000013 eip=0078626d esp=00c9fd20 ebp=2e434343 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 0078626d ?? ???
Frame pointer overwrites may allow attackers to redirect program flow when the current function returns. It should be noted that the IMAP EXAMINE command is only available after successful authentication.
III. The EXAMINE IMAP command is only valid after authentication has occurred, however due to the nature of IMAP servers serving a large user base, this requirement only slightly reduces exposure to the vulnerability.
IV. DETECTION
iDEFENSE has confirmed that the IMAP4 daemon (IMAP4d32.exe ver. IMail Server is now packaged as part of Ipswitch Collaboration Suite.
V. WORKAROUND
Use application level content filtering on overly long IMAP commands.
VI. VENDOR RESPONSE
This vulnerability is addressed in IMail Server 8.15 Hotfix 1 (February 3, 2005), which is available for download at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-0707 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
03/02/2005 Initial vendor notification 03/08/2005 Initial vendor response 03/10/2005 Public disclosure
IX. CREDIT
Nico Steinhardt is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "collaboration suite",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "8.15"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "8.15"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.3,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
}
],
"sources": [
{
"db": "BID",
"id": "12780"
},
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0707"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nico Steinhardt iDEFENSE Security Advisory\u203b labs@idefense.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
],
"trust": 0.6
},
"cve": "CVE-2005-0707",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-11916",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0707",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-692",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-11916",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11916"
},
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. The Ipswitch Collaboration Suite IMail IMAP service is reported prone to a buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command. \nIt is conjectured that a remote authenticated attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service. Immediate consequences of a failed exploit attempt would be a denial of service due to the application crashing on an access violation. \nIMail Server version 8.13 an earlier are reported prone to this vulnerability. \n----------------------------------------------------------------------\n\nMonitor, Filter, and Manage Security Information\n- Filtering and Management of Secunia advisories\n- Overview, documentation, and detailed reports\n- Alerting via email and SMS\n\nRequest Trial:\nhttps://ca.secunia.com/?f=l\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch Collaboration Suite IMAP EXAMINE Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA14546\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/14546/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite (ICS) 1.x\nhttp://secunia.com/product/4773/\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nNico Steinhardt has reported a vulnerability in Ipswitch\nCollaboration Suite, which can be exploited by malicious users to\ncompromise a vulnerable system. \n\nSOLUTION:\nApply IMail Server 8.15 Hotfix 1:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nNico Steinhardt\n\nORIGINAL ADVISORY:\niDEFENSE:\nhttp://www.idefense.com/application/poi/display?id=216\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. The \nEXAMINE command selects a mailbox so that messages within the mailbox \nmay be accessed with read-only privileges. EXAMINE requests with \nmalformed mailbox names of 259 bytes will overwrite the saved stack \nframe pointer, resulting in potential process execution control. It \nshould be noted that IMAP will append a \u0027/\u0027 character to your supplied \nmailbox name so the most significant byte of the frame pointer will be \n0x2e. The output below shows successful control of the frame pointer. \n\n(668.f8): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \n\neax=00000006 ebx=008943b0 ecx=42424242\nedx=00c8fad4 esi=008943b0 edi=00000013\neip=0078626d esp=00c9fd20 ebp=2e434343\niopl=0 nv up ei pl zr na po nc\ncs=001b ss=0023 ds=0023 es=0023\nfs=0038 gs=0000 efl=00000246\n0078626d ?? ???\n\nFrame pointer overwrites may allow attackers to redirect program flow \nwhen the current function returns. It should be noted that the IMAP \nEXAMINE command is only available after successful authentication. \n\nIII. The EXAMINE IMAP command is only \nvalid after authentication has occurred, however due to the nature of \nIMAP servers serving a large user base, this requirement only slightly \nreduces exposure to the vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed that the IMAP4 daemon (IMAP4d32.exe ver. \nIMail Server is now packaged as part of Ipswitch Collaboration Suite. \n \nV. WORKAROUND\n\nUse application level content filtering on overly long IMAP commands. \n\nVI. VENDOR RESPONSE\n\nThis vulnerability is addressed in IMail Server 8.15 Hotfix 1 (February\n3, 2005), which is available for download at:\n\n ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM815HF1.exe\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-0707 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n03/02/2005 Initial vendor notification\n03/08/2005 Initial vendor response\n03/10/2005 Public disclosure\n\nIX. CREDIT\n\nNico Steinhardt is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "BID",
"id": "12780"
},
{
"db": "VULHUB",
"id": "VHN-11916"
},
{
"db": "PACKETSTORM",
"id": "36576"
},
{
"db": "PACKETSTORM",
"id": "36591"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-11916",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11916"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-0707",
"trust": 2.1
},
{
"db": "BID",
"id": "12780",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "14546",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1013410",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050310 IPSWITCH COLLABORATION SUITE IMAP EXAMINE BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "19655",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "36591",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-11916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "36576",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11916"
},
{
"db": "BID",
"id": "12780"
},
{
"db": "PACKETSTORM",
"id": "36576"
},
{
"db": "PACKETSTORM",
"id": "36591"
},
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"id": "VAR-200505-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11916"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:21:12.665000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0707"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.idefense.com/application/poi/display?id=216\u0026type=vulnerabilities"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12780"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1013410"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/14546"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19655"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/19655"
},
{
"trust": 0.3,
"url": "/archive/1/392871"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=216\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3048/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/14546/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4773/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?f=l"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-0707"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11916"
},
{
"db": "BID",
"id": "12780"
},
{
"db": "PACKETSTORM",
"id": "36576"
},
{
"db": "PACKETSTORM",
"id": "36591"
},
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-11916"
},
{
"db": "BID",
"id": "12780"
},
{
"db": "PACKETSTORM",
"id": "36576"
},
{
"db": "PACKETSTORM",
"id": "36591"
},
{
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-11916"
},
{
"date": "2005-03-10T00:00:00",
"db": "BID",
"id": "12780"
},
{
"date": "2005-03-15T07:30:59",
"db": "PACKETSTORM",
"id": "36576"
},
{
"date": "2005-03-15T07:43:28",
"db": "PACKETSTORM",
"id": "36591"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"date": "2005-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-11916"
},
{
"date": "2009-07-12T10:56:00",
"db": "BID",
"id": "12780"
},
{
"date": "2017-07-11T01:32:22.530000",
"db": "NVD",
"id": "CVE-2005-0707"
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch Collaboration Suite IMAP EXAMINE Command buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-692"
}
],
"trust": 0.6
}
}
VAR-199903-0051
Vulnerability from variot - Updated: 2023-12-18 13:11IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199903-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0019"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "88240"
}
],
"trust": 0.3
},
"cve": "CVE-2000-0019",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-1598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2000-0019",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0019",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-199903-024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-1598",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2000-0019",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1598"
},
{
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "BID",
"id": "88240"
},
{
"db": "VULHUB",
"id": "VHN-1598"
},
{
"db": "VULMON",
"id": "CVE-2000-0019"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2000-0019",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024",
"trust": 0.7
},
{
"db": "BID",
"id": "88240",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-1598",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2000-0019",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1598"
},
{
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"db": "BID",
"id": "88240"
},
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"id": "VAR-199903-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1598"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:11:04.384000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0019"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-2000-0019"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2000-0019"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/88240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1598"
},
{
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1598"
},
{
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"db": "BID",
"id": "88240"
},
{
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-1598"
},
{
"date": "1999-03-04T00:00:00",
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"date": "1999-03-04T00:00:00",
"db": "BID",
"id": "88240"
},
{
"date": "1999-03-04T05:00:00",
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"date": "1999-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-1598"
},
{
"date": "2022-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2000-0019"
},
{
"date": "1999-03-04T00:00:00",
"db": "BID",
"id": "88240"
},
{
"date": "2022-08-17T10:15:18.787000",
"db": "NVD",
"id": "CVE-2000-0019"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "88240"
},
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail POP3 daemon Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199903-024"
}
],
"trust": 0.6
}
}
VAR-200512-0015
Vulnerability from variot - Updated: 2023-12-18 13:10The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. Successful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability
iDEFENSE Security Advisory 12.06.05 www.idefense.com/application/poi/display?id=347&type=vulnerabilities December 6, 2005
I. BACKGROUND
Ipswitch Imail Server is an email server that is part of the IpSwitch Collaboration suit. Imail Supports POP3, SMTP, IMAP and web based email access. More Information can be located on the vendor\x92s site at:
http://www.ipswitch.com/Products/collaboration/index.html
II.
The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit.
III. The LIST command is only available post authentication and therefore valid credentials are required to exploit this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring that only trusted users have accounts can mitigate the risk somewhat. As a more effective workaround, consider limiting access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 Patch has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2923 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification 09/13/2005 Initial vendor response 10/06/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with discovering this vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright \xa9 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
1) A format string error exists in the SMTPD32 service when parsing arguments supplied to the "expn", "mail", "mail from", and "rcpt to" commands. This can be exploited to execute arbitrary code via specially crafted arguments sent to the affected commands.
The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected.
SOLUTION: Update to the fixed versions. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt
ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "2.01"
},
{
"model": "imail server",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2.0"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.3,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "collaboration suite",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2.02"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "15753"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:8.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-14132",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2923",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-106",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14132",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) via a long argument to the LIST command, which causes IMail Server to reference invalid memory. \nSuccessful exploitation will cause the affected server to crash, effectively denying service to legitimate users. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. Ipswitch IMail IMAP List Command DoS Vulnerability\n\niDEFENSE Security Advisory 12.06.05\nwww.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\nDecember 6, 2005\n\nI. BACKGROUND\n\nIpswitch Imail Server is an email server that is part of the IpSwitch\nCollaboration suit. Imail Supports POP3, SMTP, IMAP and web based email\naccess. More Information can be located on the vendor\\x92s site at:\n\nhttp://www.ipswitch.com/Products/collaboration/index.html\n\nII. \n\nThe problem specifically exists in handling long arguments to the LIST\ncommand. When a LIST command of approximately 8000 bytes is supplied,\ninternal string parsing routines can be manipulated in such a way as to\nreference non-allocated sections of memory. This parsing error results\nin an unhandled access violation, forcing the daemon to exit. \n\nIII. The LIST command is only available\npost authentication and therefore valid credentials are required to\nexploit this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch\nIMail 8.2. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\nthat only trusted users have accounts can mitigate the risk somewhat. As\na more effective workaround, consider limiting access to the IMAP server\nby filtering TCP port 143. If possible, consider disabling IMAP and\nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nIpswitch Collaboration Suite 2.02 has been released to address this\nissue and is available for download at:\n\nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nIMail Server 8.22 Patch has been released to address this issue and is\navailable for download at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2923 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n09/08/2005 Initial vendor notification\n09/13/2005 Initial vendor response\n10/06/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nSebastian Apelt is credited with discovering this vulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n1) A format string error exists in the SMTPD32 service when parsing\narguments supplied to the \"expn\", \"mail\", \"mail from\", and \"rcpt to\"\ncommands. This can be exploited to execute arbitrary code via\nspecially crafted arguments sent to the affected commands. \n\nThe vulnerabilities have been reported in IMail Server version 8.20. \nOther versions prior to 8.22 may also be affected. \n\nSOLUTION:\nUpdate to the fixed versions. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nIpswitch Collaboration Suite 2.0:\nUpdate to version 2.02. \nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Nico\n2) Sebastian Apelt\n\nORIGINAL ADVISORY:\nhttp://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14132",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2923",
"trust": 2.1
},
{
"db": "BID",
"id": "15753",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17863",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1015318",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2782",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20051206 IPSWITCH IMAIL IMAP LIST COMMAND DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "42191",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42134",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"id": "VAR-200512-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:41.405000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15753"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015318"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17863"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2782"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2782"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=347"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.2,
"url": "http://www.ipswitch.com/support/ics/updates/ics202.asp"
},
{
"trust": 0.2,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=347\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2923"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/collaboration/index.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3048/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17863/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5167/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14132"
},
{
"db": "BID",
"id": "15753"
},
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-14132"
},
{
"date": "2005-12-06T00:00:00",
"db": "BID",
"id": "15753"
},
{
"date": "2005-12-09T16:47:24",
"db": "PACKETSTORM",
"id": "42191"
},
{
"date": "2005-12-07T17:36:35",
"db": "PACKETSTORM",
"id": "42134"
},
{
"date": "2005-12-07T01:03:00",
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"date": "2005-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-14132"
},
{
"date": "2009-07-12T17:56:00",
"db": "BID",
"id": "15753"
},
{
"date": "2011-03-08T02:25:17.627000",
"db": "NVD",
"id": "CVE-2005-2923"
},
{
"date": "2005-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "42191"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP LIST Command Remote Denial of Service Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-106"
}
],
"trust": 0.6
}
}
VAR-200512-0016
Vulnerability from variot - Updated: 2023-12-18 13:10Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application.
TITLE: Ipswitch IMail Server IMAP and SMTP Service Two Vulnerabilities
SECUNIA ADVISORY ID: SA17863
VERIFY ADVISORY: http://secunia.com/advisories/17863/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite (ICS) 2.x http://secunia.com/product/5167/ IMail Server 8.x http://secunia.com/product/3048/
DESCRIPTION: Two vulnerabilities have been reported in IMail Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system.
2) An error exists in the IMAP4D32 service when handling user supplied arguments passed to the IMAP LIST command. This can be exploited by a logon user to cause a memory dereferencing error, which crashes the IMAP service by supplying an argument of approximately 8000 bytes to the command.
The vulnerabilities have been reported in IMail Server version 8.20. Other versions prior to 8.22 may also be affected.
SOLUTION: Update to the fixed versions.
IMail Server 8.20: Update to version 8.22. http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Ipswitch Collaboration Suite 2.0: Update to version 2.02. http://www.ipswitch.com/support/ics/updates/ics202.asp
PROVIDED AND/OR DISCOVERED BY: 1) Nico 2) Sebastian Apelt
ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities http://www.idefense.com/application/poi/display?id=347&type=vulnerabilities
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. BACKGROUND
Ipswitch Collaboration Suite provides e-mail and real-time collaboration, calendar and contact list sharing, and protection from spam and viruses, all delivered in an easy to use suite.
http://www.ipswitch.com/products/collaboration/index.asp
II. All of the commands are handled by the same function which parses user-supplied input strings. The following debugger session shows a backtrace with user-supplied strings as values. With properly constructed input value, the strings would be interpreted as memory addresses that would be executed upon returning from the current function.
[..] 00A7F370 006020A0 00A7F374 00A7F634 ASCII 5B,"192.168.242.1] MAIL FROM:C:\apps\Ipswitch\Collaboration Suite\IMail\spool\T94e8013e00000005" 00A7F378 00000000 00A7F37C 00000000 00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char 00A7F384 00602048 00A7F388 00A7F648 ASCII 20,"FROM:C:\apps\Ipswitch\Collaborat" [..]
III. Ipswitch mail services are commonly configured to allow untrusted access. The use of a firewall or other mitigating strategy is highly recommended due to the nature of this vulnerability. The IMail SMTP server is installed by default.
IV.
V. WORKAROUND
iDEFENSE is currently unaware of any effective workarounds for this issue. Access to the affected host should be filtered at the network boundary if global accessibility is not required. Restricting access to only trusted hosts and networks may reduce the likelihood of exploitation.
VI. VENDOR RESPONSE
Ipswitch Collaboration Suite 2.02 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/ics/updates/ics202.asp
IMail Server 8.22 has been released to address this issue and is available for download at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2931 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/08/2005 Initial vendor notification 09/13/2005 Initial vendor response 10/06/2005 Coordinated public disclosure
IX. CREDIT
iDEFENSE credits Nico with the discovery of this vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright \xa9 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "2.01"
},
{
"model": "imail server",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2.0"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.3,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.20"
},
{
"model": "collaboration suite",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2.02"
},
{
"model": "imail",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "15752"
},
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:8.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nico",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14140",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2931",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-115",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14140",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14140"
},
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in a format-specifier argument to a formatted printing function. \nThis issue allows remote attackers to execute arbitrary machine code in the context of the affected application. \n\nTITLE:\nIpswitch IMail Server IMAP and SMTP Service Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA17863\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17863/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite (ICS) 2.x\nhttp://secunia.com/product/5167/\nIMail Server 8.x\nhttp://secunia.com/product/3048/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in IMail Server, which can be\nexploited by malicious users to cause a DoS (Denial of Service) and\nto compromise a vulnerable system. \n\n2) An error exists in the IMAP4D32 service when handling user\nsupplied arguments passed to the IMAP LIST command. This can be\nexploited by a logon user to cause a memory dereferencing error,\nwhich crashes the IMAP service by supplying an argument of\napproximately 8000 bytes to the command. \n\nThe vulnerabilities have been reported in IMail Server version 8.20. \nOther versions prior to 8.22 may also be affected. \n\nSOLUTION:\nUpdate to the fixed versions. \n\nIMail Server 8.20:\nUpdate to version 8.22. \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nIpswitch Collaboration Suite 2.0:\nUpdate to version 2.02. \nhttp://www.ipswitch.com/support/ics/updates/ics202.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Nico\n2) Sebastian Apelt\n\nORIGINAL ADVISORY:\nhttp://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities\nhttp://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. BACKGROUND\n\nIpswitch Collaboration Suite provides e-mail and real-time\ncollaboration, calendar and contact list sharing, and protection from\nspam and viruses, all delivered in an easy to use suite. \n\n http://www.ipswitch.com/products/collaboration/index.asp\n\nII. All of the commands are handled by the same function which\nparses user-supplied input strings. The following debugger session\nshows a backtrace with user-supplied strings as values. With properly\nconstructed input value, the strings would be interpreted as memory\naddresses that would be executed upon returning from the current\nfunction. \n\n[..]\n00A7F370 006020A0\n00A7F374 00A7F634 ASCII 5B,\"192.168.242.1] MAIL\n FROM:C:\\apps\\Ipswitch\\Collaboration\n Suite\\IMail\\spool\\T94e8013e00000005\"\n00A7F378 00000000\n00A7F37C 00000000\n00A7F380 7C34FC0B RETURN to MSVCR71.7C34FC0B from MSVCR71.write_char\n00A7F384 00602048\n00A7F388 00A7F648 ASCII 20,\"FROM:C:\\apps\\Ipswitch\\Collaborat\"\n[..]\n\nIII. Ipswitch\nmail services are commonly configured to allow untrusted access. The\nuse of a firewall or other mitigating strategy is highly recommended\ndue to the nature of this vulnerability. The IMail SMTP server is\ninstalled by default. \n\nIV. \n\nV. WORKAROUND\n\niDEFENSE is currently unaware of any effective workarounds for this\nissue. Access to the affected host should be filtered at the network\nboundary if global accessibility is not required. Restricting access to\nonly trusted hosts and networks may reduce the likelihood of\nexploitation. \n\nVI. VENDOR RESPONSE\n\nIpswitch Collaboration Suite 2.02 has been released to address this\nissue and is available for download at:\n\n http://www.ipswitch.com/support/ics/updates/ics202.asp\n\nIMail Server 8.22 has been released to address this issue and is\navailable for download at:\n\n \nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2931 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n09/08/2005 Initial vendor notification\n09/13/2005 Initial vendor response\n10/06/2005 Coordinated public disclosure\n\nIX. CREDIT\n\niDEFENSE credits Nico with the discovery of this vulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "BID",
"id": "15752"
},
{
"db": "VULHUB",
"id": "VHN-14140"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "PACKETSTORM",
"id": "42190"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14140",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14140"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2931",
"trust": 2.1
},
{
"db": "BID",
"id": "15752",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17863",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2005-2782",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015317",
"trust": 1.7
},
{
"db": "IDEFENSE",
"id": "20051206 IPSWITCH COLLABORATION SUITE SMTP FORMAT STRING VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "42190",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42134",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14140"
},
{
"db": "BID",
"id": "15752"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "PACKETSTORM",
"id": "42190"
},
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"id": "VAR-200512-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14140"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:41.373000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp"
},
{
"trust": 1.8,
"url": "http://www.idefense.com/application/poi/display?id=346\u0026type=vulnerabilities"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15752"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015317"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17863"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2782"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2782"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities\u0026id=346"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.2,
"url": "http://www.ipswitch.com/support/ics/updates/ics202.asp"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=346\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=347\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3048/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17863/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5167/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/collaboration/index.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2931"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14140"
},
{
"db": "BID",
"id": "15752"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "PACKETSTORM",
"id": "42190"
},
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14140"
},
{
"db": "BID",
"id": "15752"
},
{
"db": "PACKETSTORM",
"id": "42134"
},
{
"db": "PACKETSTORM",
"id": "42190"
},
{
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-14140"
},
{
"date": "2005-12-06T00:00:00",
"db": "BID",
"id": "15752"
},
{
"date": "2005-12-07T17:36:35",
"db": "PACKETSTORM",
"id": "42134"
},
{
"date": "2005-12-09T16:46:08",
"db": "PACKETSTORM",
"id": "42190"
},
{
"date": "2005-12-07T01:03:00",
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"date": "2005-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-14140"
},
{
"date": "2009-07-12T17:56:00",
"db": "BID",
"id": "15752"
},
{
"date": "2011-03-08T02:25:18.127000",
"db": "NVD",
"id": "CVE-2005-2931"
},
{
"date": "2005-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "42190"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch Collaboration component SMTP Format string processing vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-115"
}
],
"trust": 0.6
}
}
VAR-200004-0055
Vulnerability from variot - Updated: 2023-12-18 13:05Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Due to the implementation of IMail's authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time. Once the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200004-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "1094"
},
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted to Bugtraq on April 5, 2000 by Anthony Santen \u003canthony@santen.net\u003e.",
"sources": [
{
"db": "BID",
"id": "1094"
}
],
"trust": 0.3
},
"cve": "CVE-2000-0301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-1880",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0301",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200004-008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-1880",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1880"
},
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Due to the implementation of IMail\u0027s authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time. \nOnce the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "BID",
"id": "1094"
},
{
"db": "VULHUB",
"id": "VHN-1880"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1094",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0301",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000405 RE: IMAIL (IPSWITCH) DOS WITH EUDORA (QUALCOMM)",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-1880",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1880"
},
{
"db": "BID",
"id": "1094"
},
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"id": "VAR-200004-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1880"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:05:41.579000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://support.ipswitch.com/kb/im-20000208-dm02.htm"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/1094"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=95505800117143\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=95505800117143\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1880"
},
{
"db": "BID",
"id": "1094"
},
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1880"
},
{
"db": "BID",
"id": "1094"
},
{
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-1880"
},
{
"date": "2000-04-06T00:00:00",
"db": "BID",
"id": "1094"
},
{
"date": "2000-04-06T04:00:00",
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"date": "2000-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-1880"
},
{
"date": "2000-04-06T00:00:00",
"db": "BID",
"id": "1094"
},
{
"date": "2016-10-18T02:06:42.277000",
"db": "NVD",
"id": "CVE-2000-0301"
},
{
"date": "2010-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMAIL server Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200004-008"
}
],
"trust": 0.6
}
}
VAR-200505-1218
Vulnerability from variot - Updated: 2023-12-18 12:59Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP SELECT Command DoS Vulnerability
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=241&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch IMail server is a Windows based messaging solution with a customer base of over 53 million users. More information about the application is available at:
http://www.ipswitch.com/products/IMail_Server/index.html.
II.
The problem specifically exists in the handling of long arguments to the SELECT command. When a string approximately 260 bytes in size is supplied a stack-based buffer overflow occurs that results in an unhandled access violation forcing the daemon to exit. The issue is not believed to be further exploitable.
III. ANALYSIS
Successful exploitation allows remote to crash vulnerable IMAP servers and thereby prevent legitimate usage. The SELECT command is only available post authentication and therefore valid credentials are required to exploit this vulnerability
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in the latest version of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed as vulnerable. It is suspected that earlier versions are vulnerable as well.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring
that only trusted users have accounts can mitigate the risk somwhat. As a more effective workaround, consider limiting access to the IMAP server
by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf 2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1254 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/15/2005 Initial vendor notification 05/10/2005 Initial vendor response 05/24/2005 Coordinated public disclosure
IX. CREDIT
Sebastian Apelt is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "8.12"
},
{
"model": "imail",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "server_8.2_hotfix_2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "server_8.2_hotfix_2"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "server_8.2_hotfix_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1254"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-12463",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1254",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12463",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12463"
},
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP SELECT Command DoS Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch IMail server is a Windows based messaging solution with a\ncustomer base of over 53 million users. More information about the\napplication is available at:\n\n http://www.ipswitch.com/products/IMail_Server/index.html. \n\nII. \n\nThe problem specifically exists in the handling of long arguments to the\nSELECT command. When a string approximately 260 bytes in size is\nsupplied a stack-based buffer overflow occurs that results in an\nunhandled access violation forcing the daemon to exit. The issue is not\nbelieved to be further exploitable. \n\nIII. ANALYSIS\n\nSuccessful exploitation allows remote to crash vulnerable IMAP servers\nand thereby prevent legitimate usage. The SELECT command is only\navailable post authentication and therefore valid credentials are\nrequired to exploit this vulnerability\n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in the latest\nversion of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed\nas vulnerable. It is suspected that earlier versions are vulnerable as\nwell. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1254 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/15/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nSebastian Apelt is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "VULHUB",
"id": "VHN-12463"
},
{
"db": "PACKETSTORM",
"id": "39314"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12463",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12463"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1254",
"trust": 2.1
},
{
"db": "BID",
"id": "13727",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014047",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050524 IPSWITCH IMAIL IMAP SELECT COMMAND DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "39314",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-12463",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12463"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39314"
},
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"id": "VAR-200505-1218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12463"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:29.491000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13727"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014047"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/application/poi/display?id=241\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/400543"
},
{
"trust": 0.3,
"url": "/archive/1/400542"
},
{
"trust": 0.3,
"url": "/archive/1/400546"
},
{
"trust": 0.3,
"url": "/archive/1/400541"
},
{
"trust": 0.3,
"url": "/archive/1/400545"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=241\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1254"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/imail_server/index.html."
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12463"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39314"
},
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12463"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39314"
},
{
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-12463"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13727"
},
{
"date": "2005-08-14T20:34:55",
"db": "PACKETSTORM",
"id": "39314"
},
{
"date": "2005-05-25T04:00:00",
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"date": "2005-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-12463"
},
{
"date": "2007-04-03T03:12:00",
"db": "BID",
"id": "13727"
},
{
"date": "2008-11-15T05:46:12.017000",
"db": "NVD",
"id": "CVE-2005-1254"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "39314"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1195"
}
],
"trust": 0.6
}
}
VAR-200505-1216
Vulnerability from variot - Updated: 2023-12-18 12:59The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LSUB DoS Vulnerability
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=245&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The problem specifically exists within IMAPD32.EXE upon parsing a malformed LSUB command. An attacker can cause the daemon to produce heavy load by transmitting a long string of NULL characters to the 'LSUB' IMAP directive. This, in turn, causes an infinite loop, eventually exhausting all available system resources and causing a denial of service.
III. ANALYSIS
Exploitation allows unauthenticated remote attackers to render the IMAP server useless, thereby preventing legitimate users from retrieving e- mail. This attack takes few resources to launch and can be repeated to ensure that an unpatched system is unable to recover. Exploitation requires a valid IMAP account, thus limiting the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail version 8.13. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring
that only trusted users have accounts can mitigate the risk somwhat. As a more effective workaround, consider limiting access to the IMAP server
by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf 2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1249 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification 05/10/2005 Initial vendor response 05/24/2005 Public disclosure
IX. CREDIT
The discoverer of the first vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "*"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.6,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1249"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1249",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-12458",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1249",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12458",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12458"
},
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LSUB DoS Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=245\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe problem specifically exists within IMAPD32.EXE upon parsing a \nmalformed LSUB command. An attacker can cause the daemon to produce \nheavy load by transmitting a long string of NULL characters to the \n\u0027LSUB\u0027 IMAP directive. This, in turn, causes an infinite loop, \neventually exhausting all available system resources and causing a \ndenial of service. \n\nIII. ANALYSIS\n\nExploitation allows unauthenticated remote attackers to render the IMAP \nserver useless, thereby preventing legitimate users from retrieving e-\nmail. This attack takes few resources to launch and can be repeated \nto ensure that an unpatched system is unable to recover. Exploitation \nrequires a valid IMAP account, thus limiting the impact of this \nvulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch \nIMail version 8.13. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1249 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\nThe discoverer of the first vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "VULHUB",
"id": "VHN-12458"
},
{
"db": "PACKETSTORM",
"id": "39311"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12458",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12458"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1249",
"trust": 2.1
},
{
"db": "BID",
"id": "13727",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014047",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050524 IPSWITCH IMAIL IMAP LSUB DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "39311",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-12458",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12458"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39311"
},
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"id": "VAR-200505-1216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12458"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:29.463000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1249"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13727"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014047"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/application/poi/display?id=245\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/400543"
},
{
"trust": 0.3,
"url": "/archive/1/400542"
},
{
"trust": 0.3,
"url": "/archive/1/400546"
},
{
"trust": 0.3,
"url": "/archive/1/400541"
},
{
"trust": 0.3,
"url": "/archive/1/400545"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=245\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1249"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12458"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39311"
},
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12458"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39311"
},
{
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-12458"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13727"
},
{
"date": "2005-08-14T20:30:55",
"db": "PACKETSTORM",
"id": "39311"
},
{
"date": "2005-05-25T04:00:00",
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"date": "2005-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-12458"
},
{
"date": "2007-04-03T03:12:00",
"db": "BID",
"id": "13727"
},
{
"date": "2008-11-15T05:46:11.530000",
"db": "NVD",
"id": "CVE-2005-1249"
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "39311"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1198"
}
],
"trust": 0.6
}
}
VAR-200505-1219
Vulnerability from variot - Updated: 2023-12-18 12:59Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=243&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately
2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required.
The second vulnerability also exists in the handling of the LOGIN command username argument, however it lends itself to easier exploitation. If a large username starting with one of several special characters is specified, a stack overflow occurs, allowing an attacker to overwrite the saved instruction pointer and control execution flow. Included in the list of special characters are the following: % : * @ &
Both of these vulnerabilities can lead to the execution of arbitrary code.
III. Valid credentials are not required to for exploitation, which heightens the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in the latest
version of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed as vulnerable. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited before authentication occurs, the only effective workaround is to limit access to the IMAP server by filtering TCP port 143. If possible, consider disabling IMAP and forcing
users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf 2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1255 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification 05/10/2005 Initial vendor response 05/24/2005 Public disclosure
IX. CREDIT
The discoverer of the first vulnerability wishes to remain anonymous. iDEFENSE Labs is credited with the discovery of the second vulnerability.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "8.12"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "*"
},
{
"model": "imail server",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "imail server",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.6,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2_hotfix_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1255"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-12464",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1255",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1200",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-12464",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12464"
},
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe first vulnerability specifically exists in the handling of a long \nusername to the LOGIN command. A long username argument of approximately\n\n2,000 bytes will cause a stack based unicode string buffer overflow \nproviding the attacker with partial control over EIP. As this \nvulnerability is in the LOGIN command itself, valid credentials are not \nrequired. \n\nThe second vulnerability also exists in the handling of the LOGIN \ncommand username argument, however it lends itself to easier \nexploitation. If a large username starting with one of several special \ncharacters is specified, a stack overflow occurs, allowing an attacker \nto overwrite the saved instruction pointer and control execution flow. \nIncluded in the list of special characters are the following: % : * @ \u0026 \n\nBoth of these vulnerabilities can lead to the execution of arbitrary\ncode. \n\nIII. Valid credentials are not required to for \nexploitation, which heightens the impact of this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in the latest\n\nversion of Ipswitch IMAIL, version 8.13. Version 8.12 is also confirmed \nas vulnerable. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited before authentication occurs, the \nonly effective workaround is to limit access to the IMAP server by \nfiltering TCP port 143. If possible, consider disabling IMAP and forcing\n\nusers to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1255 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\nThe discoverer of the first vulnerability wishes to remain anonymous. \niDEFENSE Labs is credited with the discovery of the second\nvulnerability. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "VULHUB",
"id": "VHN-12464"
},
{
"db": "PACKETSTORM",
"id": "39312"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12464",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12464"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1255",
"trust": 2.1
},
{
"db": "BID",
"id": "13727",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014047",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050524 IPSWITCH IMAIL IMAP LOGIN REMOTE BUFFER OVERFLOW VULNERABILITIES",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "39312",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-63181",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1124",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "3627",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1035",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-12464",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12464"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39312"
},
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"id": "VAR-200505-1219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12464"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:29.520000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13727"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014047"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/application/poi/display?id=243\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/400543"
},
{
"trust": 0.3,
"url": "/archive/1/400542"
},
{
"trust": 0.3,
"url": "/archive/1/400546"
},
{
"trust": 0.3,
"url": "/archive/1/400541"
},
{
"trust": 0.3,
"url": "/archive/1/400545"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=243\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1255"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12464"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39312"
},
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12464"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39312"
},
{
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-12464"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13727"
},
{
"date": "2005-08-14T20:32:32",
"db": "PACKETSTORM",
"id": "39312"
},
{
"date": "2005-05-25T04:00:00",
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"date": "2005-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-12464"
},
{
"date": "2007-04-03T03:12:00",
"db": "BID",
"id": "13727"
},
{
"date": "2008-11-15T05:46:12.157000",
"db": "NVD",
"id": "CVE-2005-1255"
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "39312"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1200"
}
],
"trust": 0.6
}
}
VAR-200505-1220
Vulnerability from variot - Updated: 2023-12-18 12:59Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability
iDEFENSE Security Advisory 05.24.05 www.idefense.com/application/poi/display?id=244&type=vulnerabilities May 24, 2005
I. BACKGROUND
Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration solution for Microsoft Windows with a customer base of over 53 million users. More information is available on the vendor's website:
http://www.ipswitch.com/products/IMail_Server/index.html
II.
The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack based buffer overflow, providing the attacker with full control over the saved return address on the stack. Once this has been achieved,
execution of arbitrary code becomes trivial. As this vulnerability is in
the STATUS command, which requires that a session is authenticated, valid credentials are required.
III. Valid credentials are required for exploitation, which lessens the impact of this vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail version 8.13. It is suspected that earlier versions are also vulnerable.
V. WORKAROUND
As this vulnerability is exploited after authentication occurs, ensuring
that only trusted users have accounts can mitigate the risk somwhat. As a more effective workaround, consider limiting access to the IMAP server
by filtering TCP port 143. If possible, consider disabling IMAP and forcing users to use POP3.
VI. VENDOR RESPONSE
The vendor has released the following patch to fix this vulnerability:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe
The associated vendor advisory can be found at:
http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf 2.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-1256 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
04/25/2005 Initial vendor notification 05/10/2005 Initial vendor response 05/24/2005 Public disclosure
IX. CREDIT
iDEFENSE Labs is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.0,
"vendor": "ipswitch",
"version": "*"
},
{
"model": "imail server",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "collaboration suite",
"scope": null,
"trust": 0.6,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail server",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2_hotfix_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1256"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-12465",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1256",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1201",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-12465",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12465"
},
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Attackers can use this vulnerability to cause the target service to crash. However, this vulnerability cannot be further exploited. Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability\n\niDEFENSE Security Advisory 05.24.05\nwww.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities\nMay 24, 2005\n\nI. BACKGROUND\n\nIpswitch Collaboration Suite (ICS) is a comprehensive communication and \ncollaboration solution for Microsoft Windows with a customer base of \nover 53 million users. More information is available on the vendor\u0027s \nwebsite:\n\n http://www.ipswitch.com/products/IMail_Server/index.html\n\nII. \n\nThe vulnerability specifically exists in the handling of a long mailbox \nname to the STATUS command. A long mailbox name argument will cause a \nstack based buffer overflow, providing the attacker with full control \nover the saved return address on the stack. Once this has been achieved,\n\nexecution of arbitrary code becomes trivial. As this vulnerability is in\n\nthe STATUS command, which requires that a session is authenticated, \nvalid credentials are required. \n\nIII. Valid credentials are required for \nexploitation, which lessens the impact of this vulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in Ipswitch \nIMail version 8.13. It is suspected that earlier versions are also \nvulnerable. \n\nV. WORKAROUND\n\nAs this vulnerability is exploited after authentication occurs, ensuring\n\nthat only trusted users have accounts can mitigate the risk somwhat. As \na more effective workaround, consider limiting access to the IMAP server\n\nby filtering TCP port 143. If possible, consider disabling IMAP and \nforcing users to use POP3. \n\nVI. VENDOR RESPONSE\n\nThe vendor has released the following patch to fix this vulnerability:\n\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe\n\nThe associated vendor advisory can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/imail_professional/im82hf\n2.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-1256 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n04/25/2005 Initial vendor notification\n05/10/2005 Initial vendor response\n05/24/2005 Public disclosure\n\nIX. CREDIT\n\niDEFENSE Labs is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "VULHUB",
"id": "VHN-12465"
},
{
"db": "PACKETSTORM",
"id": "39310"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12465",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12465"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1256",
"trust": 2.1
},
{
"db": "BID",
"id": "13727",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014047",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050524 IPSWITCH IMAIL IMAP STATUS REMOTE BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "39310",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-12465",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12465"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39310"
},
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"id": "VAR-200505-1220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12465"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:29.549000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13727"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014047"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/application/poi/display?id=244\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/400543"
},
{
"trust": 0.3,
"url": "/archive/1/400542"
},
{
"trust": 0.3,
"url": "/archive/1/400546"
},
{
"trust": 0.3,
"url": "/archive/1/400541"
},
{
"trust": 0.3,
"url": "/archive/1/400545"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=244\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1256"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12465"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39310"
},
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12465"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "PACKETSTORM",
"id": "39310"
},
{
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-12465"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13727"
},
{
"date": "2005-08-14T20:29:45",
"db": "PACKETSTORM",
"id": "39310"
},
{
"date": "2005-05-25T04:00:00",
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"date": "2005-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-12465"
},
{
"date": "2007-04-03T03:12:00",
"db": "BID",
"id": "13727"
},
{
"date": "2008-11-15T05:46:12.360000",
"db": "NVD",
"id": "CVE-2005-1256"
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "39310"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1201"
}
],
"trust": 0.6
}
}
VAR-200505-1217
Vulnerability from variot - Updated: 2023-12-18 12:59Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. There is a remote denial of service vulnerability in the Imail IMAP server of Ipswitch Inc. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. If the attacker can provide a string with a length of about 260 bytes, it may trigger a stack overflow and cause the daemon to exit. However, this vulnerability cannot be further exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1217",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "8.13"
},
{
"model": "imail server",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "imail server",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "8.2_hotfix_2"
},
{
"model": "imail hotfix",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.151"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.14"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.12"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "5.0"
},
{
"model": "imail hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "8.22"
}
],
"sources": [
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2_hotfix_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1252"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12461",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1204",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12461",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12461"
},
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. \nThe vulnerabilities include a directory-traversal issue, two remote denial-of-service issues, and multiple buffer-overflow issues. Ipswitch IMail server is a Windows-based communication and collaboration solution. There is a remote denial of service vulnerability in the Imail IMAP server of Ipswitch Inc. Attackers can use this vulnerability to cause the target service to crash. The cause of the vulnerability is the handling of extremely long parameters of the SELECT command. If the attacker can provide a string with a length of about 260 bytes, it may trigger a stack overflow and cause the daemon to exit. However, this vulnerability cannot be further exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "VULHUB",
"id": "VHN-12461"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12461",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12461"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1252",
"trust": 2.0
},
{
"db": "BID",
"id": "13727",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1014047",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050524 IPSWITCH IMAIL WEB CALENDARING ARBITRARY FILE READ VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "39313",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-12461",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12461"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"id": "VAR-200505-1217",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12461"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:29.438000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/13727"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014047"
},
{
"trust": 1.6,
"url": "http://www.idefense.com/application/poi/display?id=242\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
},
{
"trust": 0.3,
"url": "/archive/1/400543"
},
{
"trust": 0.3,
"url": "/archive/1/400542"
},
{
"trust": 0.3,
"url": "/archive/1/400546"
},
{
"trust": 0.3,
"url": "/archive/1/400541"
},
{
"trust": 0.3,
"url": "/archive/1/400545"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=242\u0026amp;type=vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12461"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12461"
},
{
"db": "BID",
"id": "13727"
},
{
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-12461"
},
{
"date": "2005-05-24T00:00:00",
"db": "BID",
"id": "13727"
},
{
"date": "2005-05-25T04:00:00",
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"date": "2005-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-12461"
},
{
"date": "2007-04-03T03:12:00",
"db": "BID",
"id": "13727"
},
{
"date": "2008-11-15T05:46:11.843000",
"db": "NVD",
"id": "CVE-2005-1252"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail IMAP SELECT Command denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1204"
}
],
"trust": 0.6
}
}
VAR-200901-0467
Vulnerability from variot - Updated: 2023-12-18 12:58Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability.The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause a memory corruption resulting in an exploitable condition. Authentication is required to exploit this vulnerability.The specific flaw exists due to a lack of bounds checking during theparsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs. Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. IMail bundles an IMAP daemon (imapd32.exe) that allows users to access mail. ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-042.html July 24, 2007
-- CVE ID: CVE-2007-2795
-- Affected Vendor: Ipswitch
-- Affected Products: Ipswitch IMail Ipswitch Collaboration Suite
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 24, 2007 by Digital Vaccine protection filter ID 5224.
-- Vendor Response: Ipswitch has issued an update to correct this vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im200621.asp
-- Disclosure Timeline: 2007.02.26 - Vulnerability reported to vendor 2007.07.24 - Digital Vaccine released to TippingPoint customers 2007.07.24 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org).
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"model": "imail",
"scope": null,
"trust": 1.4,
"vendor": "ipswitch",
"version": null
},
{
"model": "imail",
"scope": "lte",
"trust": 1.0,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"model": "imail",
"scope": "lte",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2006.21"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.6,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"model": "imail server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.21"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "BID",
"id": "24962"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2006.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2795"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt (webmaster@buzzworld.org)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
}
],
"trust": 1.4
},
"cve": "CVE-2007-2795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-2795",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-26157",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-2795",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-363",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-26157",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability.The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause a memory corruption resulting in an exploitable condition. Authentication is required to exploit this vulnerability.The specific flaw exists due to a lack of bounds checking during theparsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs. Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. \nSuccessful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. \nIpswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. IMail bundles an IMAP daemon (imapd32.exe) that allows users to access mail. ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption\n Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-042.html\nJuly 24, 2007\n\n-- CVE ID:\nCVE-2007-2795\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch IMail\nIpswitch Collaboration Suite\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since July 24, 2007 by Digital Vaccine protection\nfilter ID 5224. \n\n\n-- Vendor Response:\nIpswitch has issued an update to correct this vulnerability. More\ndetails can be found at:\n\n http://www.ipswitch.com/support/imail/releases/im200621.asp\n\n-- Disclosure Timeline:\n2007.02.26 - Vulnerability reported to vendor\n2007.07.24 - Digital Vaccine released to TippingPoint customers\n2007.07.24 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Sebastian Apelt\n(webmaster@buzzworld.org). \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\nis being sent by 3Com for the sole use of the intended recipient(s) and\nmay contain confidential, proprietary and/or privileged information. \nAny unauthorized review, use, disclosure and/or distribution by any \nrecipient is prohibited. If you are not the intended recipient, please\ndelete and/or destroy all copies of this message regardless of form and\nany included attachments and notify 3Com immediately by contacting the\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "BID",
"id": "24962"
},
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "PACKETSTORM",
"id": "58013"
},
{
"db": "PACKETSTORM",
"id": "58012"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-26157",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26157"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-2795",
"trust": 4.4
},
{
"db": "ZDI",
"id": "ZDI-07-042",
"trust": 2.8
},
{
"db": "ZDI",
"id": "ZDI-07-043",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-166",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-179",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363",
"trust": 0.7
},
{
"db": "BID",
"id": "24962",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "58013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58012",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-66887",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81264",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9662",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-26157",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "BID",
"id": "24962"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "PACKETSTORM",
"id": "58013"
},
{
"db": "PACKETSTORM",
"id": "58012"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"id": "VAR-200901-0467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26157"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:58:44.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "im200621",
"trust": 2.2,
"url": "http://www.ipswitch.com/support/imail/releases/im200621.asp"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.ipswitch.com/support/imail/releases/im200621.asp"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-042/"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-043/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2795"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2795"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-042.html"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-043.html"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.html"
},
{
"trust": 0.3,
"url": "http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease"
},
{
"trust": 0.3,
"url": "/archive/1/474040"
},
{
"trust": 0.3,
"url": "/archive/1/474552"
},
{
"trust": 0.3,
"url": "/archive/1/474553"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2795"
},
{
"trust": 0.2,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "BID",
"id": "24962"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "PACKETSTORM",
"id": "58013"
},
{
"db": "PACKETSTORM",
"id": "58012"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"db": "VULHUB",
"id": "VHN-26157"
},
{
"db": "BID",
"id": "24962"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"db": "PACKETSTORM",
"id": "58013"
},
{
"db": "PACKETSTORM",
"id": "58012"
},
{
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"date": "2007-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"date": "2009-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-26157"
},
{
"date": "2007-07-18T00:00:00",
"db": "BID",
"id": "24962"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"date": "2007-07-25T04:32:46",
"db": "PACKETSTORM",
"id": "58013"
},
{
"date": "2007-07-25T04:31:47",
"db": "PACKETSTORM",
"id": "58012"
},
{
"date": "2009-01-27T23:30:00.187000",
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"date": "2007-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-07-042"
},
{
"date": "2007-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-07-043"
},
{
"date": "2009-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-26157"
},
{
"date": "2016-07-05T21:38:00",
"db": "BID",
"id": "24962"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001634"
},
{
"date": "2009-01-28T05:00:00",
"db": "NVD",
"id": "CVE-2007-2795"
},
{
"date": "2009-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "24962"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-363"
}
],
"trust": 0.6
}
}
VAR-200703-0303
Vulnerability from variot - Updated: 2023-12-18 12:53Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. A buffer overflow vulnerability exists in the IMAILAPILib ActiveX control (IMailAPI.dll) of Ipswitch IMail Server versions prior to 2006.2.
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows
SECUNIA ADVISORY ID: SA24422
VERIFY ADVISORY: http://secunia.com/advisories/24422/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Server 2006 http://secunia.com/product/8653/
DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server/Collaboration Suite, which potentially can be exploited by malicious people to compromise a vulnerable system.
1) Unspecified errors within the IMailServer.WebConnect, IMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect, and IMailUserCollection.SetReplyTo components can be exploited to cause buffer overflows via specially crafted packets.
2) An error within an unspecified ActiveX control can be exploited to execute arbitrary code when a user e.g. visits a malicious web site.
SOLUTION: Update to version 2006.2 (Standard Edition only): ftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Ipswitch: http://www.ipswitch.com/support/ics/updates/ics20062.asp http://support.ipswitch.com/kb/IM-20070305-JH01.htm
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail premium",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_standard"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail plus",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "imail",
"scope": "eq",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2006.2"
},
{
"model": "imail",
"scope": "lt",
"trust": 0.8,
"vendor": "ipswitch",
"version": "server"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail_premium:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1637"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "54869"
}
],
"trust": 0.1
},
"cve": "CVE-2007-1637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-1637",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-24999",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-1637",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-591",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24999",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24999"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. A buffer overflow vulnerability exists in the IMAILAPILib ActiveX control (IMailAPI.dll) of Ipswitch IMail Server versions prior to 2006.2. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server/Collaboration Suite Multiple Buffer Overflows\n\nSECUNIA ADVISORY ID:\nSA24422\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24422/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ipswitch IMail\nServer/Collaboration Suite, which potentially can be exploited by\nmalicious people to compromise a vulnerable system. \n\n1) Unspecified errors within the IMailServer.WebConnect,\nIMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect,\nand IMailUserCollection.SetReplyTo components can be exploited to\ncause buffer overflows via specially crafted packets. \n\n2) An error within an unspecified ActiveX control can be exploited to\nexecute arbitrary code when a user e.g. visits a malicious web site. \n\nSOLUTION:\nUpdate to version 2006.2 (Standard Edition only):\nftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIpswitch:\nhttp://www.ipswitch.com/support/ics/updates/ics20062.asp\nhttp://support.ipswitch.com/kb/IM-20070305-JH01.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "VULHUB",
"id": "VHN-24999"
},
{
"db": "PACKETSTORM",
"id": "54869"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1637",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "24422",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1017737",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0853",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20070307 IPSWITCH IMAIL SERVER 2006 MULTIPLE ACTIVEX CONTROL BUFFER OVERFLOW VULNERABILITIE",
"trust": 0.6
},
{
"db": "BID",
"id": "83550",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-24999",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54869",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24999"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "PACKETSTORM",
"id": "54869"
},
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"id": "VAR-200703-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24999"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:53:13.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IM-20070305-JH01",
"trust": 0.8,
"url": "http://support.ipswitch.com/kb/im-20070305-jh01.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.ipswitch.com/kb/im-20070305-jh01.htm"
},
{
"trust": 1.7,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1017737"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24422"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0853"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1637"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1637"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0853"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8652/"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/ics/updates/ics20062.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8653/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24422/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24999"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "PACKETSTORM",
"id": "54869"
},
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-24999"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"db": "PACKETSTORM",
"id": "54869"
},
{
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-24999"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54869"
},
{
"date": "2007-03-23T22:19:00",
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"date": "2007-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-24999"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003570"
},
{
"date": "2011-03-08T02:52:31.627000",
"db": "NVD",
"id": "CVE-2007-1637"
},
{
"date": "2007-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Server of IMAILAPILib ActiveX Control buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-591"
}
],
"trust": 0.6
}
}
VAR-200512-0832
Vulnerability from variot - Updated: 2023-12-18 12:47Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability
SECUNIA ADVISORY ID: SA19168
VERIFY ADVISORY: http://secunia.com/advisories/19168/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/
DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server.
Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe
Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe
IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe
IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe
PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006
-- CVE ID: CVE-2005-3526
-- Affected Vendor: Ipswitch
-- Affected Products: Ipswitch Collaboration Suite 2006.02 and below
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982.
-- Vendor Response:
From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:
"IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)."
-- Disclosure Timeline: 2005.12.13 - Vulnerability reported to vendor 2005.12.13 - Digital Vaccine released to TippingPoint customers 2006.03.13 - Public release of advisory
-- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006.02_standard"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006.02_premium"
},
{
"_id": null,
"model": "imail",
"scope": null,
"trust": 0.7,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail secure server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "imail server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
},
{
"_id": null,
"model": "imail secure server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"credits": {
"_id": null,
"data": "Manuel Santamarina Suarez",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
],
"trust": 0.7
},
"cve": "CVE-2005-3526",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-14735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-3526",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-666",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14735",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. \nThe vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. \nThis may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\nTITLE:\nIpswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19168\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19168/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\n\nDESCRIPTION:\nA vulnerability has been reported in Ipswitch IMail\nServer/Collaboration Suite, which can be exploited by malicious users\nto cause a DoS (Denial of Service). This can be exploited to cause a\nbuffer overflow, which crashes the server. \n\nIpswitch Collaboration Suite 2006 Premium Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe\n\nIpswitch Collaboration Suite 2006 Standard Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe\n\nIMail Secure Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe\n\nIMail Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits 3Com\u0027s Zero Day Initiative. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics200603prem.asp\nhttp://www.ipswitch.com/support/ics/updates/ics200603stan.asp\nhttp://www.ipswitch.com/support/imail/releases/imsec200603.asp\nhttp://www.ipswitch.com/support/imail/releases/im200603.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-003.html\nMarch 13, 2006\n\n-- CVE ID:\nCVE-2005-3526\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch Collaboration Suite 2006.02 and below\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since December 13, 2005 by Digital Vaccine protection\nfilter ID 3982. \n\n-- Vendor Response:\n\u003e\u003eFrom http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:\n\n\"IMAP: Corrected a vulnerability issue where a properly crafted Fetch\ncommand causes IMAP to crash with a buffer overflow (disclosed by\nTippingPoint, a division of 3Com).\" \n\n-- Disclosure Timeline:\n2005.12.13 - Vulnerability reported to vendor\n2005.12.13 - Digital Vaccine released to TippingPoint customers\n2006.03.13 - Public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Manuel Santamarina Suarez aka \n\u0027FistFuXXer\u0027. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2005-3526",
"trust": 2.7
},
{
"db": "ZDI",
"id": "ZDI-06-003",
"trust": 2.5
},
{
"db": "BID",
"id": "17063",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19168",
"trust": 1.8
},
{
"db": "SREASON",
"id": "577",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015759",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0907",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "23796",
"trust": 1.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-009",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060313 ZDI-06-003: IPSWITCH COLLABORATION SUITE CODE EXECUTION VULNERABILITY",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8565",
"trust": 0.6
},
{
"db": "XF",
"id": "25133",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-14735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44619",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "BID",
"id": "17063"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
]
},
"id": "VAR-200512-0832",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14735"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:47:13.946000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ipswitch has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3526"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17063"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/23796"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015759"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19168"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/577"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0907"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25133"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0907"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/427536/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8565"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8652/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/im200603.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8653/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603stan.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19168/"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/imail/releases/imsec200603.asp"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8651/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
},
{
"db": "VULHUB",
"id": "VHN-14735"
},
{
"db": "PACKETSTORM",
"id": "44545"
},
{
"db": "PACKETSTORM",
"id": "44619"
},
{
"db": "NVD",
"id": "CVE-2005-3526"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"db": "BID",
"id": "17063",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "44545",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "44619",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-03-13T00:00:00",
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"date": "2006-03-10T00:00:00",
"db": "BID",
"id": "17063",
"ident": null
},
{
"date": "2006-03-11T02:24:56",
"db": "PACKETSTORM",
"id": "44545",
"ident": null
},
{
"date": "2006-03-13T21:51:14",
"db": "PACKETSTORM",
"id": "44619",
"ident": null
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-04-17T00:00:00",
"db": "ZDI",
"id": "ZDI-06-003",
"ident": null
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-14735",
"ident": null
},
{
"date": "2007-02-20T15:56:00",
"db": "BID",
"id": "17063",
"ident": null
},
{
"date": "2018-10-19T15:36:51.563000",
"db": "NVD",
"id": "CVE-2005-3526",
"ident": null
},
{
"date": "2006-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-666",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Ipswitch Collaboration Suite Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-003"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-666"
}
],
"trust": 0.6
}
}