Vulnerabilities > CVE-2000-0825 - Unspecified vulnerability in Ipswitch Imail 6.00

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ipswitch
nessus
NVD
Published: 2000-11-14
Updated: 2017-10-10

Summary

Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
1

Nessus

NASL familyWeb Servers
NASL idIMAIL_HOST_OVERFLOW.NASL
descriptionThe remote web server crashes when it is issued a too long argument to the
last seen2020-06-01
modified2020-06-02
plugin id10496
published2000-08-24
reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10496
titleIMail Host: Header Field Handling Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#

# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]>
#      Added BugtraqID and CVE
#

include("compat.inc");

if (description)
{
 script_id(10496);
 script_version("1.30");
 script_cvs_date("Date: 2018/11/15 20:50:25");

 script_cve_id("CVE-2000-0825");
 script_bugtraq_id(2011);

 script_name(english:"IMail Host: Header Field Handling Remote Overflow");
 script_summary(english:"Web server buffer overflow.");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a denial of service
vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote web server crashes when it is issued a too long argument
to the 'Host:' field of an HTTP request.

An attacker may use this flaw to either completely prevent this host
from serving web pages to the world, or to make it die by crashing
several threads of the web server until the complete exhaustion of
this host memory");
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=96659012127444&w=2");
 script_set_attribute(attribute:"solution", value:"Upgrade to IMail 6.0.4 or later, as this reportedly fixes the issue.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2000/08/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2000/08/24");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_DENIAL);

 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");

 script_dependencie("http_version.nasl");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www",80);

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

global_var	port;

function check_port(port)
{
 local_var soc;

 if(get_port_state(port))
 {
 soc = http_open_socket(port);
 if(soc){
 	http_close_socket(soc);
	return(TRUE);
	}
  }
  return(FALSE);
}

port = 8181;
if(!(check_port(port:port)))
{
 port = 8383;
 if(!(check_port(port:port)))
 {
  port = get_http_port(default:80);

 }
}

if (http_is_dead(port:port))exit(0, "The web server on port "+port+" is dead");

w = http_send_recv3(method:"GET", item:"/", port:port,
  add_headers: make_array("Host", crap(500)));

if (isnull(w)) security_warning(port);

References