Vulnerabilities > CVE-2004-1520 - Remote Buffer Overflow vulnerability in Ipswitch Imail 8.13

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
ipswitch
nessus
exploit available
metasploit

Summary

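Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. The CVSS v2 vector shown on this page (local attack vector, no privileges required) does not match this description of a network-reachable, post-authentication flaw, so the 4.6 score should not be used on its own for prioritisation.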

Vulnerable Configurations

Part Description Count
Application
Ipswitch
1

Exploit-Db

  • description: Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow. CVE-2004-1520. Remote exploit for windows platform
    id: EDB-ID:16477
    last seen: 2016-02-01
    modified: 2010-06-22
    published: 2010-06-22
    reporter: metasploit
    source: https://www.exploit-db.com/download/16477/
    title: Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow
  • description: IPSwitch IMail 8.13 (DELETE) Remote Stack Overflow Exploit. CVE-2004-1520. Remote exploit for windows platform
    id: EDB-ID:627
    last seen: 2016-01-31
    modified: 2004-11-12
    published: 2004-11-12
    reporter: Zatlander
    source: https://www.exploit-db.com/download/627/
    title: IPSwitch IMail 8.13 DELETE Remote Stack Overflow Exploit
  • description: MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit. CVE-2004-1520. Remote exploit for windows platform
    id: EDB-ID:1151
    last seen: 2016-01-31
    modified: 2005-08-12
    published: 2005-08-12
    reporter: N/A
    source: https://www.exploit-db.com/download/1151/
    title: MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
  • description: IMail IMAP4D Delete Overflow. CVE-2004-1520. Remote exploit for windows platform
    id: EDB-ID:16479
    last seen: 2016-02-01
    modified: 2010-09-20
    published: 2010-09-20
    reporter: metasploit
    source: https://www.exploit-db.com/download/16479/
    title: IMail IMAP4D Delete Overflow

Metasploit

Nessus

NASL family: Windows
NASL id: IPSWITCH_IMAIL_BO2.NASL
description: The remote host is running a version of Ipswitch IMail that is older than version 8.14.0. The remote version of this software is vulnerable to a buffer overflow when it processes the argument of the 'delete' command. An attacker may exploit this flaw to execute arbitrary code on the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15771
published: 2004-11-19
reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/15771
title: Ipswitch IMail IMAP Service DELETE Command Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
# 


include("compat.inc");

# Registration block: executed only when the plugin is loaded with
# `description` set. It records the plugin's identifiers, report text, scoring
# and dependencies, then exits; the block holds only script_* calls, so no
# request is made to the target from here.
if(description)
{
 script_id(15771);
 script_version("1.16");

 # Advisory identifiers the finding is reported against.
 script_cve_id("CVE-2004-1520");
 script_bugtraq_id(11675);
 
 script_name(english:"Ipswitch IMail IMAP Service DELETE Command Remote Overflow");
 # The summary states the actual method: the version is read from the IMail
 # web interface, not from the IMAP service named in the title.
 script_summary(english:"Checks for version of IMail web interface");

 script_set_attribute(attribute:"synopsis", value:
"The remote mail server is affected by a buffer overflow vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Ipswitch IMail that
is older than version 8.14.0.

The remote version of this software is vulnerable to a buffer overflow
when it processes the argument of the 'delete' command. An attacker
may exploit this flaw to execute arbitrary code on the remote host." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Nov/188" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to IMail 8.14 or later, as this reportedly fixes the issue." );
 # NOTE(review): AV:L/Au:N (local access, no authentication) does not match
 # the description above of a flaw triggered on the remote host through a
 # mail-protocol command, nor plugin_type "remote" below. Confirm the vector
 # before using the resulting base score for prioritisation.
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
 # Temporal metrics: functional exploit code exists (E:F), an official fix is
 # available (RL:OF) and the report is confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 # NOTE(review): this module name refers to an MDaemon CRAM-MD5 overflow, not
 # to the IMail DELETE overflow this plugin describes - verify the mapping.
 script_set_attribute(attribute:"metasploit_name", value:'Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/19");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/12");
 script_cvs_date("Date: 2018/11/15 20:50:27");
 script_set_attribute(attribute:"plugin_type", value: "remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/a:ipswitch:imail");
 script_end_attributes();
 
 # Information-gathering category, consistent with a check that only reads a
 # banner.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows");

 # The check is tied to the HTTP service (detected web service or port 80).
 # Presumably the plugin is skipped when no web port is found, so a host that
 # exposes IMail's IMAP service without the web interface would not be
 # assessed - confirm against the scan policy.
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

# The script code starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Detection is by version inference only: the plugin reads the Server header
# of the IMail web interface and never sends anything to the IMAP service.
# A host whose banner is suppressed or rewritten, or whose web interface is
# disabled, is therefore not flagged; a host that was patched without its
# banner changing would still be flagged.
http_port = get_http_port(default:80);

# exit_on_fail is set, so the plugin presumably stops here when no banner
# can be retrieved.
http_banner = get_http_banner(port: http_port, exit_on_fail: 1);
server_hdr = egrep(string: http_banner, pattern: "^Server:.*");

# Versions treated as affected: any 1.x-7.x release, 8.0 / 8.0x, and
# 8.10-8.13. The trailing [^0-9] requires a non-digit after the version
# number, so a longer number that merely starts with those digits is not
# matched.
affected_re = "^Server:.*Ipswitch-IMail/([1-7]\..*|(8\.(0[0-9]?[^0-9]|1[0-3][^0-9])))";

if (ereg(pattern: affected_re, string: server_hdr))
{
   # The finding is attached to the HTTP port the banner came from.
   security_warning(http_port);
}

Packetstorm

Saint

bid: 11675
description: IMail IMAP DELETE command buffer overflow
id: mail_imap_imail
osvdb: 11838
title: imail_imap_delete
type: remote