Vulnerabilities > CVE-2008-2859 - Denial of Service vulnerability in SurgeMail IMAP Command

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

netwin

nessus

exploit available

NVD

Published: 2008-06-25

Updated: 2017-08-08

Summary

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

Vulnerable Configurations

Part	Description	Count
Application	Netwin Netwin Surgemail 3.8A Netwin Surgemail 3.8B Netwin Surgemail 3.8D Netwin Surgemail 3.8F Netwin Surgemail 3.8F2 Netwin Surgemail 3.8F3 Netwin Surgemail 3.8I Netwin Surgemail 3.8I2 Netwin Surgemail 3.8I3 Netwin Surgemail 3.8K Netwin Surgemail 3.8K2 Netwin Surgemail 3.8K3 Netwin Surgemail 3.8K4 Netwin Surgemail 3.8M Netwin Surgemail 3.8O Netwin Surgemail 3.8Q Netwin Surgemail 3.8S Netwin Surgemail 3.8U Netwin Surgemail 3.9A Netwin Surgemail 3.9C Netwin Surgemail 3.9E Netwin Surgemail *	22

Exploit-Db

description	Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS. CVE-2008-2859,CVE-2008-7182. Dos exploit for windows platform
file	exploits/windows/dos/5968.py
id	EDB-ID:5968
last seen	2016-01-31
modified	2008-06-30
platform	windows
port
published	2008-06-30
reporter	Travis Warren
source	https://www.exploit-db.com/download/5968/
title	Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS
type	dos

Nessus

NASL family	Misc.
NASL id	SURGEMAIL_IMAP_COMMAND_UNSPECIFIED_DOS.NASL
description	According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.9g2. The IMAP service in such versions is reportedly affected by remote denial of service vulnerabilities when handling an APPEND command with a large parameter. An authenticated attacker can leverage this issue to crash the remote application.
last seen	2020-06-01
modified	2020-06-02
plugin id	33277
published	2008-06-30
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33277
title	SurgeMail IMAP Service APPEND Command Remote DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33277); script_version("1.15"); script_cve_id("CVE-2008-2859", "CVE-2008-7182"); script_bugtraq_id(29805, 30000); script_xref(name:"EDB-ID", value:"5968"); script_xref(name:"Secunia", value:"30739"); script_name(english:"SurgeMail IMAP Service APPEND Command Remote DoS"); script_summary(english:"Checks version in IMAP service banner"); script_set_attribute(attribute:"synopsis", value: "The remote mail server is prone to denial of service attacks." ); script_set_attribute(attribute:"description", value: "According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.9g2. The IMAP service in such versions is reportedly affected by remote denial of service vulnerabilities when handling an APPEND command with a large parameter. An authenticated attacker can leverage this issue to crash the remote application." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/496482" ); script_set_attribute(attribute:"see_also", value:"http://www.netwinsite.com/surgemail/help/updates.htm" ); script_set_attribute(attribute:"solution", value: "Upgrade to SurgeMail 3.9g2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/30"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("find_service2.nasl"); script_require_ports("Services/imap", 143); exit(0); } include("global_settings.inc"); include("imap_func.inc"); # Get the banner. port = get_kb_item("Services/imap"); if (!port) port = 143; if (!get_port_state(port)) exit(0); banner = get_imap_banner(port:port); # Check the version. ver = NULL; if (banner && " IMAP " >< banner && " (Version " >< banner) { pat = " IMAP ($C$ )?[^ ]+ $Version ([0-9]\.[0-9]+[a-z][0-9]*)-[0-9]+$"; matches = egrep(pattern:pat, string:banner); if (matches) { foreach match (split(matches)) { match = chomp(match); ver = eregmatch(pattern:pat, string:match); if (!isnull(ver)) { ver = ver[2]; break; } } } # There's a problem if it's < 3.9g2. if (ver && ver =~ "^([0-2]\.\|3\.([0-8][a-z]\|9([a-f]\|g[01]?$)))") { report = string( "\n", "Surgemail ", ver, " is currently installed on the remote host.\n" ); security_warning(port:port, extra:report); } }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References