FKIE_CVE-2008-1497
Vulnerability from fkie_nvd - Published: 2008-03-25 19:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netwin | surgemail | 1.8g3 | |
| netwin | surgemail | 1.9b2 | |
| netwin | surgemail | 2.0a2 | |
| netwin | surgemail | 2.0c | |
| netwin | surgemail | 2.0e | |
| netwin | surgemail | 2.0g2 | |
| netwin | surgemail | 2.1c7 | |
| netwin | surgemail | 2.2a6 | |
| netwin | surgemail | 2.2c10 | |
| netwin | surgemail | 2.2g2 | |
| netwin | surgemail | 2.2g3 | |
| netwin | surgemail | 3.0a | |
| netwin | surgemail | 3.0c2 | |
| netwin | surgemail | 3.2e | |
| netwin | surgemail | 3.5a | |
| netwin | surgemail | 3.5b3 | |
| netwin | surgemail | 3.6d | |
| netwin | surgemail | 3.6f3 | |
| netwin | surgemail | 3.6f5 | |
| netwin | surgemail | 3.6f7 | |
| netwin | surgemail | 3.7b | |
| netwin | surgemail | 3.7b3 | |
| netwin | surgemail | 3.7b5 | |
| netwin | surgemail | 3.7b6 | |
| netwin | surgemail | 3.7b7 | |
| netwin | surgemail | 3.7b8 | |
| netwin | surgemail | 3.8a | |
| netwin | surgemail | 3.8b | |
| netwin | surgemail | 3.8d | |
| netwin | surgemail | 3.8f | |
| netwin | surgemail | 3.8f2 | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 3.8i | |
| netwin | surgemail | 3.8i2 | |
| netwin | surgemail | 3.8i3 | |
| netwin | surgemail | 3.8k | |
| netwin | surgemail | 3.8k2 | |
| netwin | surgemail | 3.8k3 | |
| netwin | surgemail | 3.8m |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
"matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "90487000-A5DA-463B-82B2-5F83DBEC7154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B654A1F-01A3-4F18-A1E6-9D924BF34397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB3E97-547C-4531-81E9-B280E3DF39D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*",
"matchCriteriaId": "61DA6241-B456-4721-BAB7-A857FAA4B41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBBC4664-D561-4DDD-AC69-003D498FE40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*",
"matchCriteriaId": "7324F0F8-6F15-4966-9589-7BDF502DA287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF4BCCC-8284-4EB2-B38B-06283E584F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*",
"matchCriteriaId": "288E7531-50DA-4AE1-B152-F0FBE7CA88BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*",
"matchCriteriaId": "914D7AFB-007F-48C1-98C0-13B38F2C2D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED629A5-B807-4856-AD71-DF5040463694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*",
"matchCriteriaId": "5470DC1D-DBE4-4C03-B831-42533DF08D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "B4420781-D233-4C09-9979-B20BB476E635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4180CD-DCAC-42DB-8973-F8233F8B8EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.5b3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB3CEAB-41DD-447B-B36E-C5C5B9F1A2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE7B0E5-E5A8-4F03-867A-8AE987D2254B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f3:*:*:*:*:*:*:*",
"matchCriteriaId": "60B63ABA-5B8B-4EF2-A832-38F047904727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f5:*:*:*:*:*:*:*",
"matchCriteriaId": "90D7306C-A95A-4DB8-A6F1-29B233FF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.6f7:*:*:*:*:*:*:*",
"matchCriteriaId": "234A98AA-6482-4889-B3A3-3D4EC1023371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "063644A4-AD5B-4BD7-9B6C-ADA2C47562C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB85D71-332A-4B5F-8B48-57CE29461920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b5:*:*:*:*:*:*:*",
"matchCriteriaId": "0871CD5E-B0B7-4A80-924F-073227420136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b6:*:*:*:*:*:*:*",
"matchCriteriaId": "563791A9-A34B-4C2A-9F4F-F878654C5742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b7:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAF682B-5815-4787-B288-F1CB47F1C986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.7b8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4764A66-0284-4D85-9A8D-69CC9FCD53EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "12FCF5D0-3E98-48E4-840C-5DD47A893AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E8CA7-DAF6-4C30-8ED1-9FA6D4A660D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "1C384BC3-603B-4409-B473-F3213D05DB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "C81E2733-0791-4D5E-990F-B40859EEA7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CE77D8-ADB3-4A3E-9D79-4F9739F7549A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*",
"matchCriteriaId": "50C06B4F-1DEC-4622-B060-184762418112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "19390313-1B1C-4388-AA3B-1A470416FADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FD0B1-DEE5-4765-9538-FBA20E8B1559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*",
"matchCriteriaId": "30495DFC-EC4F-4449-851A-3358C9BCBF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4BE37B-BA86-4B1D-A1B6-B5910F61171D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF32266-AB58-4215-B7FF-CC882835EE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8k3:*:*:*:*:*:*:*",
"matchCriteriaId": "A437EB1A-2E12-4AAB-8817-57D17C2E21E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netwin:surgemail:3.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "25C21957-FA45-4FCE-AFFE-4A0E1345CFE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos largos del comando LSUB."
}
],
"id": "CVE-2008-1497",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-25T19:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.netwinsite.com/surgemail/help/updates.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489959/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41402"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…