ID
VAR-200110-0109
CVE
CVE-2001-1283
TITLE
Ipswitch IMail Server Mailbox Service Rejection Vulnerability
Trust: 0.6
DESCRIPTION
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. The IPSwitch IMail Server webmail interface is prone to a denial of service. Theweb interface will crash if a mailbox with a name that contains 248+ dots('.') is accessed. If the webmail interface crashes then it must be restarted to regain normal functionality. CGI scripts that access mailboxes may also induce a denial of service in the same manner. Though it is unconfirmed, this issue may be caused by a buffer overflow. If thisis the case, a possibility does exist that this issue may be exploited to execute arbitrary code on the host. (dot) or other characters, resulting in service denial (crash)
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | ipswitch | model: | imail | scope: | eq | version: | 7.0.4 | Trust: 1.9 |
| vendor: | ipswitch | model: | imail | scope: | eq | version: | 6.0.6 | Trust: 1.6 |
| vendor: | ipswitch | model: | imail | scope: | eq | version: | 6.0.2 | Trust: 1.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2001-1283 | Trust: 2.0 |
| db: | BID | id: | 3427 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200110-045 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20011011 IPSWITCH IMAIL 7.04 VULNERABILITIES | Trust: 0.6 |
| db: | VULHUB | id: | VHN-4088 | Trust: 0.1 |
REFERENCES
| url: | http://www.ipswitch.com/support/imail/news.html | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/3427 | Trust: 1.7 |
| url: | http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html | Trust: 1.7 |
| url: | http://www.ipswitch.com/products/imail_server/index.html | Trust: 0.3 |
CREDITS
Discovered and posted to Bugtraq by Niels Heinen <zilli0n@gmx.net> on Oct 12, 2001.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-4088 |
| db: | BID | id: | 3427 |
| db: | CNNVD | id: | CNNVD-200110-045 |
| db: | NVD | id: | CVE-2001-1283 |
LAST UPDATE DATE
2025-04-03T22:25:22.946000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-4088 | date: | 2008-09-10T00:00:00 |
| db: | BID | id: | 3427 | date: | 2009-07-11T09:06:00 |
| db: | CNNVD | id: | CNNVD-200110-045 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2001-1283 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-4088 | date: | 2001-10-12T00:00:00 |
| db: | BID | id: | 3427 | date: | 2001-10-12T00:00:00 |
| db: | CNNVD | id: | CNNVD-200110-045 | date: | 2001-10-12T00:00:00 |
| db: | NVD | id: | CVE-2001-1283 | date: | 2001-10-12T04:00:00 |