SAINT Corporation
SAINT:A67C23F56CC3C3B29810C37FE1CDE95A
History: Aug 02, 2007 - 12:00 a.m.

Ipswitch IMail IMAP SUBSCRIBE command buffer overflow

2007-08-02 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.152
Percentile: 95.9%

Added: 08/02/2007
CVE: CVE-2007-3927
BID: 24962
OSVDB: 36222

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command.

Resolution

Upgrade to Ipswitch IMail Server version 2006.21.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-043.html>

Limitations

Exploit works on Ipswitch IMail 2006.2 and requires a valid IMAP login and password.

Platforms

Windows 2000
Windows Server 2003
