Sign-up

ID

VAR-200707-0110


CVE

CVE-2007-3925


TITLE

Ipswitch IMail Server 2006 of imapd32.exe Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2007-004153

DESCRIPTION

Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. IMail bundles an IMAP daemon (imapd32.exe) that allows users to access mail. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows SECUNIA ADVISORY ID: SA26123 VERIFY ADVISORY: http://secunia.com/advisories/26123/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system. Vulnerabilities #1 and #2 are reported in version 6.8.8.1 of imapd32.exe. 3) A boundary error in Imailsec can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code. 4) A boundary error in "subscribe" can be exploited to cause a buffer overflow. No further information is currently available. Vulnerabilities #3 and #4 are reported in Ipswitch IMail Server and Collaboration Suite prior to version 2006.21. SOLUTION: Update to IMail Server version 2006.21. http://www.ipswitch.com/support/imail/releases/im200621.asp Update to Ipswitch Collaboration Suite 2006.21. http://www.ipswitch.com/support/ics/updates/ics200621.asp PROVIDED AND/OR DISCOVERED BY: 1) Manuel Santamarina Suarez, reported via iDefense Labs. 2) An anonymous person, reported via iDefense Labs. 3, 4) The vendor credits TippingPoint and the Zero Day Initiative. ORIGINAL ADVISORY: IPSwitch: http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.ipswitch.com/support/ics/updates/ics200621.asp iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-3925 // JVNDB: JVNDB-2007-004153 // BID: 24962 // VULHUB: VHN-27287 // PACKETSTORM: 57869

AFFECTED PRODUCTS

vendor:ipswitchmodel:collaboration suitescope:lteversion:2006.2

Trust: 1.0

vendor:ipswitchmodel:imail serverscope:lteversion:2006.2

Trust: 1.0

vendor:ipswitchmodel:imail serverscope:ltversion:2006

Trust: 0.8

vendor:ipswitchmodel:imail serverscope:eqversion:2006.21

Trust: 0.8

vendor:ipswitchmodel:collaboration suitescope:eqversion:2006.2

Trust: 0.6

vendor:ipswitchmodel:imail serverscope:eqversion:2006.2

Trust: 0.6

vendor:ipswitchmodel:imail serverscope:eqversion:2006

Trust: 0.3

vendor:ipswitchmodel:imail serverscope:neversion:2006.21

Trust: 0.3

sources: BID: 24962 // JVNDB: JVNDB-2007-004153 // CNNVD: CNNVD-200707-387 // NVD: CVE-2007-3925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3925
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3925
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-387
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3925
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27287
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27287 // JVNDB: JVNDB-2007-004153 // CNNVD: CNNVD-200707-387 // NVD: CVE-2007-3925

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-27287 // JVNDB: JVNDB-2007-004153 // NVD: CVE-2007-3925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-387

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200707-387

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-004153

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-27287

PATCH
title:Release notes for IMail Server 2006.21 (v9.21)url:http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-004153

EXTERNAL IDS
db:NVDid:CVE-2007-3925
Trust: 2.8
db:BIDid:24962
Trust: 2.0
db:SECUNIAid:26123
Trust: 1.8
db:VUPENid:ADV-2007-2574
Trust: 1.7
db:SECTRACKid:1018419
Trust: 1.7
db:JVNDBid:JVNDB-2007-004153
Trust: 0.8
db:IDEFENSEid:20070718 IPSWITCH IMAIL SERVER 2006 IMAP SEARCH COMMAND BUFFER OVERFLOW VULNERABILITY
Trust: 0.6
db:XFid:35496
Trust: 0.6
db:XFid:35500
Trust: 0.6
db:CNNVDid:CNNVD-200707-387
Trust: 0.6
db:ZDIid:ZDI-07-042
Trust: 0.3
db:ZDIid:ZDI-07-043
Trust: 0.3
db:SEEBUGid:SSVID-71001
Trust: 0.1
db:EXPLOIT-DBid:16487
Trust: 0.1
db:EXPLOIT-DBid:4223
Trust: 0.1
db:PACKETSTORMid:83090
Trust: 0.1
db:VULHUBid:VHN-27287
Trust: 0.1
db:PACKETSTORMid:57869
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27287 // 
            
            
            
            BID: 24962 // 
            
            
            
            JVNDB: JVNDB-2007-004153 // 
            
            
            
            PACKETSTORM: 57869 // 
            
            
            
            CNNVD: CNNVD-200707-387 // 
            
            
            
            NVD: CVE-2007-3925

REFERENCES
url:http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease
Trust: 2.0
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563
Trust: 1.8
url:http://www.securityfocus.com/bid/24962
Trust: 1.7
url:http://www.securitytracker.com/id?1018419
Trust: 1.7
url:http://secunia.com/advisories/26123
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/2574
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35496
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35500
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3925
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3925
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/2574
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/35500
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/35496
Trust: 0.6
url:http://www.ipswitch.com/products/imail_server/index.html
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-07-042.html
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-07-043.html
Trust: 0.3
url:/archive/1/474040
Trust: 0.3
url:/archive/1/474552
Trust: 0.3
url:/archive/1/474553
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector/
Trust: 0.1
url:http://secunia.com/advisories/26123/
Trust: 0.1
url:http://secunia.com/product/8653/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://www.ipswitch.com/support/imail/releases/im200621.asp
Trust: 0.1
url:http://secunia.com/product/8652/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://www.ipswitch.com/support/ics/updates/ics200621.asp
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27287 // 
            
            
            
            BID: 24962 // 
            
            
            
            JVNDB: JVNDB-2007-004153 // 
            
            
            
            PACKETSTORM: 57869 // 
            
            
            
            CNNVD: CNNVD-200707-387 // 
            
            
            
            NVD: CVE-2007-3925

CREDITS
Manuel Santamarina Suarez
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200707-387

SOURCES
db:VULHUBid:VHN-27287
db:BIDid:24962
db:JVNDBid:JVNDB-2007-004153
db:PACKETSTORMid:57869
db:CNNVDid:CNNVD-200707-387
db:NVDid:CVE-2007-3925

LAST UPDATE DATE
2025-04-10T22:57:36.278000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-27287date:2017-07-29T00:00:00
db:BIDid:24962date:2016-07-05T21:38:00
db:JVNDBid:JVNDB-2007-004153date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200707-387date:2007-07-23T00:00:00
db:NVDid:CVE-2007-3925date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-27287date:2007-07-21T00:00:00
db:BIDid:24962date:2007-07-18T00:00:00
db:JVNDBid:JVNDB-2007-004153date:2012-09-25T00:00:00
db:PACKETSTORMid:57869date:2007-07-20T05:47:25
db:CNNVDid:CNNVD-200707-387date:2007-07-20T00:00:00
db:NVDid:CVE-2007-3925date:2007-07-21T00:30:00