Vulnerabilities > CVE-1999-1046 - Buffer Overflow DoS vulnerability in Ipswitch Imail 5.0

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ipswitch

critical

nessus

exploit available

NVD

Published: 1999-03-01

Updated: 2017-12-19

Summary

Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.

Vulnerable Configurations

Part	Description	Count
Application	Ipswitch Ipswitch Imail 5.0	1

Exploit-Db

description	Ipswitch IMail 5.0 IMonitor Buffer Overflow DoS Vulnerability. CVE-1999-1046. Dos exploits for multiple platform
id	EDB-ID:19379
last seen	2016-02-02
modified	1999-03-01
published	1999-03-01
reporter	Marc of eEye
source	https://www.exploit-db.com/download/19379/
title	Ipswitch IMail 5.0 IMonitor Buffer Overflow DoS Vulnerability

Nessus

NASL family	Gain a shell remotely
NASL id	IMAIL_IMONITOR_OVERFLOW.NASL
description	The remote host appears to be running IMail IMAP server.The installed version is reportedly affected by a buffer overflow vulnerability in the IMonitor. An attacker could exploit this flaw in order to cause a denial of service or potentially execute arbitrary code subject to the privileges of the affected service.
last seen	2020-06-01
modified	2020-06-02
plugin id	10124
published	1999-06-22
reporter	This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10124
title	IMail IMonitor Service Remote Overflow
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10124); script_version("1.41"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id("CVE-1999-1046", "CVE-2000-0056"); script_bugtraq_id(502, 504, 506, 914); script_name(english:"IMail IMonitor Service Remote Overflow"); script_summary(english:"IMail's IMonitor buffer overflow."); script_set_attribute(attribute:"synopsis", value: "The remote IMAP server is affected by a buffer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The remote host appears to be running IMail IMAP server.The installed version is reportedly affected by a buffer overflow vulnerability in the IMonitor. An attacker could exploit this flaw in order to cause a denial of service or potentially execute arbitrary code subject to the privileges of the affected service."); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=92038879607336&w=2"); script_set_attribute(attribute:"solution", value: "There is no known solution at this time."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22"); script_set_attribute(attribute:"vuln_publication_date", value:"1999/03/01"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"Gain a shell remotely"); script_require_ports("Services/imonitor", 8181); script_dependencies("find_service1.nasl", "http_version.nasl"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_service(svc:"imonitor", default:8181, exit_on_fail:TRUE); banner = get_http_banner(port:port, exit_on_fail:TRUE); if(egrep(pattern:"^Server: IMail_Monitor/([0-5]\.\|6\.[01][^0-9])", string:banner)) security_hole(port);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References