Details of VAR-200210-0229

ID

VAR-200210-0229

CVE

CVE-2002-1076

TITLE

IPSwitch IMail Web Messaging Daemon HTTP GET Remote buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-145

DESCRIPTION

Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. The web messaging server is vulnerable to a buffer overflow. When the server receives a request for HTTP version 1.0, and the total request is 96 bytes or greater, a buffer overflow occurs. This could result in the execution of attacker-supplied instructions, and potentially allow an attacker to gain local access. ** Ipswitch has reported they are unable to reproduce this issue. In addition, Ipswitch has stated that the supplied, third party patch may in fact open additional vulnerabilities in the product. Ipswitch suggests that users do not apply the supplied patch. IMail's Web Messaging daemon lacks proper checks for parameters when processing HTTP/1.0 GET requests. Remote attackers can exploit this vulnerability to perform buffer overflow attacks

Trust: 1.26

sources: NVD: CVE-2002-1076 // BID: 5323 // VULHUB: VHN-5464

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	7.1	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.7	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.6	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.5	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.3	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.2	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.1	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.3	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.2	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	ne	version:	7.12	Trust: 0.3

sources: BID: 5323 // CNNVD: CNNVD-200210-145 // NVD: CVE-2002-1076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1076
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200210-145
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5464
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1076
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5464
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5464 // CNNVD: CNNVD-200210-145 // NVD: CVE-2002-1076

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-145

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-145

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5464

EXTERNAL IDS

db:	BID	id:	5323	Trust: 2.0
db:	NVD	id:	CVE-2002-1076	Trust: 1.7
db:	CNNVD	id:	CNNVD-200210-145	Trust: 0.7
db:	BUGTRAQ	id:	20020725 IPSWITCH IMAIL ADVISORY/EXPLOIT/PATCH	Trust: 0.6
db:	BUGTRAQ	id:	20020729 HOAX EXPLOIT	Trust: 0.6
db:	BUGTRAQ	id:	20020729 RE: HOAX EXPLOIT (2C79CBE14AC7D0B8472D3F129FA1DF55 RETURNS)	Trust: 0.6
db:	XF	id:	9679	Trust: 0.6
db:	SEEBUG	id:	SSVID-75478	Trust: 0.1
db:	EXPLOIT-DB	id:	21654	Trust: 0.1
db:	VULHUB	id:	VHN-5464	Trust: 0.1

sources: VULHUB: VHN-5464 // BID: 5323 // CNNVD: CNNVD-200210-145 // NVD: CVE-2002-1076

REFERENCES

url:	http://www.securityfocus.com/bid/5323	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html	Trust: 1.7
url:	http://support.ipswitch.com/kb/im-20020729-dm01.htm	Trust: 1.7
url:	http://support.ipswitch.com/kb/im-20020731-dm02.htm	Trust: 1.7
url:	http://www.iss.net/security_center/static/9679.php	Trust: 1.7

sources: VULHUB: VHN-5464 // CNNVD: CNNVD-200210-145 // NVD: CVE-2002-1076

CREDITS

2c79cbe14ac7d0b8472d3f129fa1df※ c79cbe14ac7d0b8472d3f129fa1df55@yahoo.com

Trust: 0.6

sources: CNNVD: CNNVD-200210-145

SOURCES

db:	VULHUB	id:	VHN-5464
db:	BID	id:	5323
db:	CNNVD	id:	CNNVD-200210-145
db:	NVD	id:	CVE-2002-1076

LAST UPDATE DATE

2025-04-03T22:22:03.686000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5464	date:	2008-09-05T00:00:00
db:	BID	id:	5323	date:	2002-07-26T00:00:00
db:	CNNVD	id:	CNNVD-200210-145	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2002-1076	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5464	date:	2002-10-04T00:00:00
db:	BID	id:	5323	date:	2002-07-26T00:00:00
db:	CNNVD	id:	CNNVD-200210-145	date:	2002-07-26T00:00:00
db:	NVD	id:	CVE-2002-1076	date:	2002-10-04T04:00:00