cvelistv5 - cve-2005-3526

CVE-2005-3526 (GCVE-0-2005-3526)

Vulnerability from cvelistv5 – Published: 2006-03-13 19:00 – Updated: 2024-08-07 23:17

Summary

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/427536/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/17063	vdb-entryx_refsource_BID
	http://secunia.com/advisories/19168	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/0907	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/577	third-party-advisoryx_refsource_SREASON
	http://www.ipswitch.com/support/ics/updates/ics20…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.zerodayinitiative.com/advisories/ZDI-0…	x_refsource_MISC
	http://securitytracker.com/id?1015759	vdb-entryx_refsource_SECTRACK
	http://www.osvdb.org/23796	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060313 ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
          },
          {
            "name": "17063",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17063"
          },
          {
            "name": "19168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19168"
          },
          {
            "name": "ADV-2006-0907",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0907"
          },
          {
            "name": "577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/577"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
          },
          {
            "name": "ipswitch-imap-fetch-bo(25133)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
          },
          {
            "name": "1015759",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015759"
          },
          {
            "name": "23796",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23796"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060313 ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
        },
        {
          "name": "17063",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17063"
        },
        {
          "name": "19168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19168"
        },
        {
          "name": "ADV-2006-0907",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0907"
        },
        {
          "name": "577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/577"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
        },
        {
          "name": "ipswitch-imap-fetch-bo(25133)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
        },
        {
          "name": "1015759",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015759"
        },
        {
          "name": "23796",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23796"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060313 ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
            },
            {
              "name": "17063",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17063"
            },
            {
              "name": "19168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19168"
            },
            {
              "name": "ADV-2006-0907",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0907"
            },
            {
              "name": "577",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/577"
            },
            {
              "name": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp",
              "refsource": "CONFIRM",
              "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
            },
            {
              "name": "ipswitch-imap-fetch-bo(25133)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
            },
            {
              "name": "1015759",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015759"
            },
            {
              "name": "23796",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23796"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3526",
    "datePublished": "2006-03-13T19:00:00",
    "dateReserved": "2005-11-08T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACA7F7E4-4023-4B94-AEEE-5D658F0F5AAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC104EA1-FCF0-4807-B4BA-736EF388C6A2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.\"}]",
      "id": "CVE-2005-3526",
      "lastModified": "2024-11-21T00:02:06.580",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19168\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/577\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015759\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ipswitch.com/support/ics/updates/ics200603prem.asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/23796\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/427536/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17063\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0907\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-06-003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25133\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015759\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ipswitch.com/support/ics/updates/ics200603prem.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/23796\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/427536/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0907\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-06-003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3526\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACA7F7E4-4023-4B94-AEEE-5D658F0F5AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC104EA1-FCF0-4807-B4BA-736EF388C6A2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19168\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/577\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015759\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ipswitch.com/support/ics/updates/ics200603prem.asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/23796\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/427536/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17063\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0907\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ipswitch.com/support/ics/updates/ics200603prem.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/23796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/427536/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/0907\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2005-3526

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.

Aliases

CVE-2005-3526

Aliases

CVE-2005-3526

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3526",
    "description": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.",
    "id": "GSD-2005-3526"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3526"
      ],
      "details": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.",
      "id": "GSD-2005-3526",
      "modified": "2023-12-13T01:20:12.709435Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3526",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060313 ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
          },
          {
            "name": "17063",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17063"
          },
          {
            "name": "19168",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19168"
          },
          {
            "name": "ADV-2006-0907",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0907"
          },
          {
            "name": "577",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/577"
          },
          {
            "name": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp",
            "refsource": "CONFIRM",
            "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
          },
          {
            "name": "ipswitch-imap-fetch-bo(25133)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
          },
          {
            "name": "1015759",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015759"
          },
          {
            "name": "23796",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/23796"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3526"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
            },
            {
              "name": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
            },
            {
              "name": "19168",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19168"
            },
            {
              "name": "17063",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17063"
            },
            {
              "name": "23796",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/23796"
            },
            {
              "name": "1015759",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015759"
            },
            {
              "name": "577",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/577"
            },
            {
              "name": "ADV-2006-0907",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/0907"
            },
            {
              "name": "ipswitch-imap-fetch-bo(25133)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
            },
            {
              "name": "20060313 ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:36Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

FKIE_CVE-2005-3526

Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19168	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/577
cve@mitre.org	http://securitytracker.com/id?1015759
cve@mitre.org	http://www.ipswitch.com/support/ics/updates/ics200603prem.asp
cve@mitre.org	http://www.osvdb.org/23796
cve@mitre.org	http://www.securityfocus.com/archive/1/427536/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17063
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0907
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-003.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25133
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19168	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/577
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015759
af854a3a-2127-422b-91ae-364da2661108	http://www.ipswitch.com/support/ics/updates/ics200603prem.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/23796
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/427536/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17063
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0907
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25133

Impacted products

	Vendor	Product	Version
	ipswitch	ipswitch_collaboration_suite	2006.02_premium
	ipswitch	ipswitch_collaboration_suite	2006.02_standard

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA7F7E4-4023-4B94-AEEE-5D658F0F5AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC104EA1-FCF0-4807-B4BA-736EF388C6A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command."
    }
  ],
  "id": "CVE-2005-3526",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/577"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015759"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23796"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17063"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200512-0832

Vulnerability from variot - Updated: 2023-12-18 12:47

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.

TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability

SECUNIA ADVISORY ID: SA19168

VERIFY ADVISORY: http://secunia.com/advisories/19168/

CRITICAL: Less critical

IMPACT: DoS

WHERE:

From remote

SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/

DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server.

Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe

Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe

IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe

IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe

PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative.

ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006

-- CVE ID: CVE-2005-3526

-- Affected Vendor: Ipswitch

-- Affected Products: Ipswitch Collaboration Suite 2006.02 and below

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982.

-- Vendor Response:

From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:

"IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)."

-- Disclosure Timeline: 2005.12.13 - Vulnerability reported to vendor 2005.12.13 - Digital Vaccine released to TippingPoint customers 2006.03.13 - Public release of advisory

-- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'.

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "collaboration suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006.02_standard"
      },
      {
        "_id": null,
        "model": "collaboration suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006.02_premium"
      },
      {
        "_id": null,
        "model": "imail",
        "scope": null,
        "trust": 0.7,
        "vendor": "ipswitch",
        "version": null
      },
      {
        "_id": null,
        "model": "collaboration suite standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "_id": null,
        "model": "collaboration suite premium edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "_id": null,
        "model": "imail server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "_id": null,
        "model": "imail secure server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "_id": null,
        "model": "collaboration suite standard edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.03"
      },
      {
        "_id": null,
        "model": "collaboration suite premium edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.03"
      },
      {
        "_id": null,
        "model": "imail server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.03"
      },
      {
        "_id": null,
        "model": "imail secure server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "2006.03"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      },
      {
        "db": "BID",
        "id": "17063"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_premium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006.02_standard:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Manuel Santamarina Suarez",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2005-3526",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-14735",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3526",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-666",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14735",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14735"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. \nThe vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. \nThis may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\nTITLE:\nIpswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability\n\nSECUNIA ADVISORY ID:\nSA19168\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19168/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\n\nDESCRIPTION:\nA vulnerability has been reported in Ipswitch IMail\nServer/Collaboration Suite, which can be exploited by malicious users\nto cause a DoS (Denial of Service). This can be exploited to cause a\nbuffer overflow, which crashes the server. \n\nIpswitch Collaboration Suite 2006 Premium Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe\n\nIpswitch Collaboration Suite 2006 Standard Edition:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe\n\nIMail Secure Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe\n\nIMail Server 2006:\nftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits 3Com\u0027s Zero Day Initiative. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics200603prem.asp\nhttp://www.ipswitch.com/support/ics/updates/ics200603stan.asp\nhttp://www.ipswitch.com/support/imail/releases/imsec200603.asp\nhttp://www.ipswitch.com/support/imail/releases/im200603.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-003.html\nMarch 13, 2006\n\n-- CVE ID:\nCVE-2005-3526\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nIpswitch Collaboration Suite 2006.02 and below\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since December 13, 2005 by Digital Vaccine protection\nfilter ID 3982. \n\n-- Vendor Response:\n\u003e\u003eFrom http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:\n\n\"IMAP: Corrected a vulnerability issue where a properly crafted Fetch\ncommand causes IMAP to crash with a buffer overflow (disclosed by\nTippingPoint, a division of 3Com).\" \n\n-- Disclosure Timeline:\n2005.12.13 - Vulnerability reported to vendor\n2005.12.13 - Digital Vaccine released to TippingPoint customers\n2006.03.13 - Public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Manuel Santamarina Suarez aka \n\u0027FistFuXXer\u0027. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      },
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      },
      {
        "db": "BID",
        "id": "17063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14735"
      },
      {
        "db": "PACKETSTORM",
        "id": "44545"
      },
      {
        "db": "PACKETSTORM",
        "id": "44619"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-3526",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-06-003",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "17063",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "19168",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "577",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015759",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0907",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "23796",
        "trust": 1.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-009",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060313 ZDI-06-003: IPSWITCH COLLABORATION SUITE CODE EXECUTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8565",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "25133",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-14735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44545",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44619",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14735"
      },
      {
        "db": "BID",
        "id": "17063"
      },
      {
        "db": "PACKETSTORM",
        "id": "44545"
      },
      {
        "db": "PACKETSTORM",
        "id": "44619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ]
  },
  "id": "VAR-200512-0832",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14735"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:47:13.946000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Ipswitch has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
      },
      {
        "trust": 1.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-06-003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17063"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/23796"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015759"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/19168"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/577"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0907"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/25133"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0907"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/427536/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/8565"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8652/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/imail/releases/im200603.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8653/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/ics/updates/ics200603stan.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19168/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/imail/releases/imsec200603.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8651/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14735"
      },
      {
        "db": "PACKETSTORM",
        "id": "44545"
      },
      {
        "db": "PACKETSTORM",
        "id": "44619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3526"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-14735",
        "ident": null
      },
      {
        "db": "BID",
        "id": "17063",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "44545",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "44619",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3526",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2006-03-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-06-003",
        "ident": null
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14735",
        "ident": null
      },
      {
        "date": "2006-03-10T00:00:00",
        "db": "BID",
        "id": "17063",
        "ident": null
      },
      {
        "date": "2006-03-11T02:24:56",
        "db": "PACKETSTORM",
        "id": "44545",
        "ident": null
      },
      {
        "date": "2006-03-13T21:51:14",
        "db": "PACKETSTORM",
        "id": "44619",
        "ident": null
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3526",
        "ident": null
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-666",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-04-17T00:00:00",
        "db": "ZDI",
        "id": "ZDI-06-003",
        "ident": null
      },
      {
        "date": "2018-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14735",
        "ident": null
      },
      {
        "date": "2007-02-20T15:56:00",
        "db": "BID",
        "id": "17063",
        "ident": null
      },
      {
        "date": "2018-10-19T15:36:51.563000",
        "db": "NVD",
        "id": "CVE-2005-3526",
        "ident": null
      },
      {
        "date": "2006-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-666",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Ipswitch Collaboration Suite Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-06-003"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "_id": null,
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-666"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R62G-MFV7-J6Q7

Vulnerability from github – Published: 2022-05-01 02:18 – Updated: 2022-05-01 02:18

Details

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3526"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.",
  "id": "GHSA-r62g-mfv7-j6q7",
  "modified": "2022-05-01T02:18:50Z",
  "published": "2022-05-01T02:18:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3526"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25133"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19168"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/577"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015759"
    },
    {
      "type": "WEB",
      "url": "http://www.ipswitch.com/support/ics/updates/ics200603prem.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/23796"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/427536/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17063"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0907"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3526 (GCVE-0-2005-3526)

GSD-2005-3526

FKIE_CVE-2005-3526

VAR-200512-0832

GHSA-R62G-MFV7-J6Q7

Tags

Sightings

Nomenclature