Vulnerabilities > CVE-2004-0297 - Remote LDAP Daemon Buffer Overflow vulnerability in Ipswitch Imail 8.0.3/8.0.5

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
ipswitch
critical
exploit available
metasploit
NVD
Published: 2004-11-23
Updated: 2017-10-10

Summary

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
2

Exploit-Db

  • descriptionIPSwitch IMail LDAP Daemon Remote Buffer Overflow Exploit. CVE-2004-0297. Remote exploit for windows platform
    idEDB-ID:157
    last seen2016-01-31
    modified2004-02-27
    published2004-02-27
    reporterJohnny Cyberpunk
    sourcehttps://www.exploit-db.com/download/157/
    titleIPSwitch IMail LDAP Daemon - Remote Buffer Overflow Exploit
  • descriptionIMail LDAP Service Buffer Overflow. CVE-2004-0297. Remote exploit for windows platform
    idEDB-ID:16824
    last seen2016-02-02
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16824/
    titleIMail LDAP Service Buffer Overflow

Metasploit

descriptionThis exploits a buffer overflow in the LDAP service that is part of the IMail product. This module was tested against version 7.10 and 8.5, both running on Windows 2000.
idMSF:EXPLOIT/WINDOWS/LDAP/IMAIL_THC
last seen2020-03-23
modified2017-07-24
published2005-12-26
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/ldap/imail_thc.rb
titleIMail LDAP Service Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83017/imail_thc.rb.txt
idPACKETSTORM:83017
last seen2016-12-05
published2009-11-26
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/83017/IMail-LDAP-Service-Buffer-Overflow.html
titleIMail LDAP Service Buffer Overflow

Saint

bid9682
descriptionIMail LDAP buffer overflow
idmail_misc_imailldap
osvdb3984
titleimail_ldap
typeremote

References