Vulnerabilities > CVE-2005-1256 - Multiple vulnerability in Ipswitch Imail, Imail Server and Ipswitch Collaboration Suite

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ipswitch

critical

NVD

Published: 2005-05-25

Updated: 2008-11-15

Summary

Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.

Vulnerable Configurations

Part	Description	Count
Application	Ipswitch Ipswitch Imail 8.13 Ipswitch Imail Server 8.2 Ipswitch Ipswitch Collaboration Suite *	3

Saint

bid 13727
description IMail IMAP STATUS buffer overflow
id mail_imap_imail
osvdb 16806
title imail_imap_status
type remote
bid 13727
description IMail IMAP LOGIN special character vulnerability
id mail_imap_imail
osvdb 16804
title imail_imap_login_specialchar
type remote

bid	13727
description	IMail IMAP STATUS buffer overflow
id	mail_imap_imail
osvdb	16806
title	imail_imap_status
type	remote

Summary

Vulnerable Configurations

Saint

References