CVE-2005-3526 - Remote Buffer Overflow vulnerability in Ipswitch IMail Server / Collaboration Suite IMAP FETCH
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Windows |
NASL id | IPSWITCH_IMAIL_IMAPD_FETCH_OVERFLOW.NASL |
description | The remote host is running Ipswitch Collaboration Suite / IMail Secure Server / IMail Server, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail Secure Server / IMail Server installed on the remote host has a buffer overflow issue in its IMAP server component. Using a specially crafted FETCH command with excessive data, an authenticated attacker can crash the IMAP server on the affected host, thereby denying service to legitimate users, and possibly execute arbitrary code as LOCAL SYSTEM. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21051 |
published | 2006-03-13 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21051 |
title | Ipswitch IMail Server/Collaboration Suite IMAP FETCH Command Overflow |
Saint
bid | 17063 |
description | IMail IMAP FETCH command buffer overflow |
id | mail_imap_imail |
osvdb | 23796 |
title | imail_imap_fetch |
type | remote |
References
- http://secunia.com/advisories/19168
- http://securityreason.com/securityalert/577
- http://securitytracker.com/id?1015759
- http://www.ipswitch.com/support/ics/updates/ics200603prem.asp
- http://www.osvdb.org/23796
- http://www.securityfocus.com/archive/1/427536/100/0/threaded
- http://www.securityfocus.com/bid/17063
- http://www.vupen.com/english/advisories/2006/0907
- http://www.zerodayinitiative.com/advisories/ZDI-06-003.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25133