SAINT Corporation
SAINT:380909285D1D5F1D2EAD88268FC3F9F3
Jan 04, 2006 - 12:00 a.m.

IMail IMAP LOGIN special character vulnerability

download.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.245
Percentile: 96.7%

Added: 01/04/2006
CVE: CVE-2005-1255
BID: 13727
OSVDB: 16804

Background

IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring.

Problem

A remote attacker could execute arbitrary commands by sending a long specially crafted **LOGIN** command starting with a special character. The attacker would not need to have knowledge of a valid account name and password in order to exploit this vulnerability.

Resolution

Install the IMail Server 8.02 Patch.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=243&type=vulnerabilities](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=243&type=vulnerabilities>)

Limitations

Exploit works against Ipswitch Collaboration Suite 2.0.

Platforms

Windows 2000
Windows XP
