Vulnerabilities > CVE-2000-0825 - Unspecified vulnerability in Ipswitch Imail 6.00

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ipswitch
nessus

Summary

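Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. The CVSS panel above shows 0.0 with every metric UNKNOWN, which appears to mean that no score is recorded on this page rather than that the issue has no impact: the Nessus plugin below rates it CVSS2 AV:N/AC:L/Au:N/C:N/I:N/A:P (network reachable, no authentication, partial availability impact) and gives IMail 6.0.4 or later as the fix.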

Vulnerable Configurations

Part Description Count
Application
Ipswitch
1

Nessus

NASL family: Web Servers
NASL id: IMAIL_HOST_OVERFLOW.NASL
description: The remote web server crashes when it is issued a too long argument to the 'Host:' field of an HTTP request.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10496
published: 2000-08-24
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10496
title: IMail Host: Header Field Handling Remote Overflow
code:
#
# (C) Tenable Network Security, Inc.
#

# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]>
#      Added BugtraqID and CVE
#

include("compat.inc");

# Registration pass: when 'description' is set, only this block runs. It
# records the plugin's metadata and scheduling constraints and then exits,
# so no traffic is sent to the target from here.
if (description)
{
 script_id(10496);
 script_version("1.30");
 script_cvs_date("Date: 2018/11/15 20:50:25");

 # Cross-references an analyst can use to correlate this finding with
 # other advisories and scanner output.
 script_cve_id("CVE-2000-0825");
 script_bugtraq_id(2011);

 script_name(english:"IMail Host: Header Field Handling Remote Overflow");
 script_summary(english:"Web server buffer overflow.");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a denial of service
vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote web server crashes when it is issued a too long argument
to the 'Host:' field of an HTTP request.

An attacker may use this flaw to either completely prevent this host
from serving web pages to the world, or to make it die by crashing
several threads of the web server until the complete exhaustion of
this host memory");
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=96659012127444&w=2");
 script_set_attribute(attribute:"solution", value:"Upgrade to IMail 6.0.4 or later, as this reportedly fixes the issue.");
 # CVSS v2 base vector: reachable over the network, low attack complexity,
 # no authentication, and an availability-only (partial) impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 # CVSS v2 temporal vector: exploitability unproven, official fix
 # available, report confidence confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2000/08/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2000/08/24");

 # Flagged as a potential finding: the run-time check infers the flaw from
 # a missing HTTP response, not from a product banner or version string.
 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Denial-of-service category: the probe can disrupt the target service,
 # so it belongs only in scans where that outcome is acceptable.
 # NOTE(review): scan policies with safe checks enabled are expected to
 # skip this category - confirm against the scanner configuration in use.
 script_category(ACT_DENIAL);

 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");

 # Scheduling constraints: declares http_version.nasl as a dependency,
 # requires the paranoid-report setting, and requires a web service port
 # (or port 80).
 script_dependencie("http_version.nasl");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www",80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Run-time gate matching the "Settings/ParanoidReport" requirement declared
# at registration: below paranoia level 2 the plugin stops with an audit
# message before any traffic is sent.
if (report_paranoia < 2)
{
 audit(AUDIT_PARANOID);
}

# Port under test; it is assigned by the port selection logic further down.
global_var port;

# Tell whether an HTTP socket can be opened on 'port'.
#
# Returns TRUE when get_port_state() accepts the port and
# http_open_socket() yields a socket, FALSE otherwise. The socket is
# closed again straight away; this function issues no HTTP request itself.
function check_port(port)
{
 local_var sock;

 # Ports that the recorded port state rules out are not connected to.
 if (!get_port_state(port)) return(FALSE);

 sock = http_open_socket(port);
 if (!sock) return(FALSE);

 http_close_socket(sock);
 return(TRUE);
}

# Port selection: 8181 is tried first, then 8383, and only if neither
# accepts an HTTP socket does the script fall back to get_http_port()
# with a default of 80.
# NOTE(review): 8181 and 8383 are presumably the ports IMail's own web
# services listen on - confirm. Nothing here checks that the listener is
# actually IMail, so another web server on those ports gets the same probe.
port = 8181;
if (!check_port(port:port))
{
 port = 8383;
 if (!check_port(port:port)) port = get_http_port(default:80);
}

# Baseline: if the service is already unresponsive, stop here so that a
# pre-existing outage is not reported as this vulnerability.
if (http_is_dead(port:port))
 exit(0, "The web server on port "+port+" is dead");

# A single GET / carrying a 500-byte filler value in the Host header.
long_host = make_array("Host", crap(500));
w = http_send_recv3(method:"GET", item:"/", port:port, add_headers:long_host);

# A missing response is treated as the finding. The advisory describes a
# crashed thread rather than a dead server, so the service is not
# re-checked afterwards; a timeout or a filtering device that drops the
# oversized request produces the same result, which is why the plugin only
# runs under paranoid reporting and is flagged as a potential vulnerability.
if (isnull(w))
 security_warning(port);