ID

VAR-200707-0112


CVE

CVE-2007-3927


TITLE

Ipswitch IMail Server 2006 Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2007-004155

DESCRIPTION

Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash. Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. When authenticating a user, the IMailsec.dll component uses the lstrcpyA() function to copy user-supplied data into a fixed-length heap buffer, so an attacker can trigger an overflow by submitting an overlong authentication request, resulting in arbitrary code execution.
----------------------------------------------------------------------
TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows
SECUNIA ADVISORY ID: SA26123
VERIFY ADVISORY: http://secunia.com/advisories/26123/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
SOFTWARE:
IMail Server 2006 http://secunia.com/product/8653/
Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/
DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
1) A boundary error in the processing of the IMAP "SEARCH" command can be exploited to cause a stack-based buffer overflow.
2) A boundary error in the processing of the IMAP "SEARCH CHARSET" command can be exploited to cause a heap-based buffer overflow.
Vulnerabilities #1 and #2 are reported in version 6.8.8.1 of imapd32.exe.
3) A boundary error in Imailsec can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code.
4) A boundary error in "subscribe" can be exploited to cause a buffer overflow. No further information is currently available.
Vulnerabilities #3 and #4 are reported in Ipswitch IMail Server and Collaboration Suite prior to version 2006.21.
SOLUTION:
Update to IMail Server version 2006.21. http://www.ipswitch.com/support/imail/releases/im200621.asp
Update to Ipswitch Collaboration Suite 2006.21. http://www.ipswitch.com/support/ics/updates/ics200621.asp
PROVIDED AND/OR DISCOVERED BY:
1) Manuel Santamarina Suarez, reported via iDefense Labs.
2) An anonymous person, reported via iDefense Labs.
3, 4) The vendor credits TippingPoint and the Zero Day Initiative.
ORIGINAL ADVISORY:
IPSwitch:
http://www.ipswitch.com/support/imail/releases/im200621.asp
http://www.ipswitch.com/support/ics/updates/ics200621.asp
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563

Trust: 2.07

sources: NVD: CVE-2007-3927 // JVNDB: JVNDB-2007-004155 // BID: 24962 // VULHUB: VHN-27289 // PACKETSTORM: 57869

AFFECTED PRODUCTS

vendor: ipswitch, model: collaboration suite, scope: lte, version: 2006.2

Trust: 1.0

vendor: ipswitch, model: imail server, scope: lte, version: 2006.2

Trust: 1.0

vendor: ipswitch, model: imail server, scope: lt, version: 2006

Trust: 0.8

vendor: ipswitch, model: imail server, scope: eq, version: 2006.21

Trust: 0.8

vendor: ipswitch, model: collaboration suite, scope: eq, version: 2006.2

Trust: 0.6

vendor: ipswitch, model: imail server, scope: eq, version: 2006.2

Trust: 0.6

vendor: ipswitch, model: imail server, scope: eq, version: 2006

Trust: 0.3

vendor: ipswitch, model: imail server, scope: ne, version: 2006.21

Trust: 0.3

sources: BID: 24962 // JVNDB: JVNDB-2007-004155 // CNNVD: CNNVD-200707-386 // NVD: CVE-2007-3927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3927
value: HIGH

Trust: 1.0

NVD: CVE-2007-3927
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-386
value: CRITICAL

Trust: 0.6

VULHUB: VHN-27289
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3927
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27289
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27289 // JVNDB: JVNDB-2007-004155 // CNNVD: CNNVD-200707-386 // NVD: CVE-2007-3927

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-386

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200707-386

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004155

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-27289

PATCH

title: Release notes for IMail Server 2006.21 (v9.21), url: http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease

Trust: 0.8

sources: JVNDB: JVNDB-2007-004155

EXTERNAL IDS

db: NVD, id: CVE-2007-3927

Trust: 2.8

db: BID, id: 24962

Trust: 2.0

db: SECUNIA, id: 26123

Trust: 1.8

db: OSVDB, id: 45818

Trust: 1.7

db: OSVDB, id: 45819

Trust: 1.7

db: SECTRACK, id: 1018421

Trust: 1.7

db: VUPEN, id: ADV-2007-2574

Trust: 1.7

db: JVNDB, id: JVNDB-2007-004155

Trust: 0.8

db: XF, id: 35504

Trust: 0.6

db: XF, id: 35505

Trust: 0.6

db: CNNVD, id: CNNVD-200707-386

Trust: 0.6

db: ZDI, id: ZDI-07-042

Trust: 0.3

db: ZDI, id: ZDI-07-043

Trust: 0.3

db: EXPLOIT-DB, id: 4228

Trust: 0.1

db: VULHUB, id: VHN-27289

Trust: 0.1

db: PACKETSTORM, id: 57869

Trust: 0.1

sources: VULHUB: VHN-27289 // BID: 24962 // JVNDB: JVNDB-2007-004155 // PACKETSTORM: 57869 // CNNVD: CNNVD-200707-386 // NVD: CVE-2007-3927

REFERENCES

url:http://docs.ipswitch.com/imail%202006.21/releasenotes/imail_relnotes.htm#newrelease

Trust: 2.0

url:http://www.securityfocus.com/bid/24962

Trust: 1.7

url:http://osvdb.org/45818

Trust: 1.7

url:http://osvdb.org/45819

Trust: 1.7

url:http://www.securitytracker.com/id?1018421

Trust: 1.7

url:http://secunia.com/advisories/26123

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/2574

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35504

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35505

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3927

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3927

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/2574

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35505

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35504

Trust: 0.6

url:http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-07-042.html

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-07-043.html

Trust: 0.3

url:/archive/1/474040

Trust: 0.3

url:/archive/1/474552

Trust: 0.3

url:/archive/1/474553

Trust: 0.3

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/advisories/26123/

Trust: 0.1

url:http://secunia.com/product/8653/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.ipswitch.com/support/imail/releases/im200621.asp

Trust: 0.1

url:http://secunia.com/product/8652/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.ipswitch.com/support/ics/updates/ics200621.asp

Trust: 0.1

sources: VULHUB: VHN-27289 // BID: 24962 // JVNDB: JVNDB-2007-004155 // PACKETSTORM: 57869 // CNNVD: CNNVD-200707-386 // NVD: CVE-2007-3927

CREDITS

Manuel Santamarina Suarez

Trust: 0.6

sources: CNNVD: CNNVD-200707-386

SOURCES

db: VULHUB, id: VHN-27289
db: BID, id: 24962
db: JVNDB, id: JVNDB-2007-004155
db: PACKETSTORM, id: 57869
db: CNNVD, id: CNNVD-200707-386
db: NVD, id: CVE-2007-3927

LAST UPDATE DATE

2025-04-10T22:57:36.243000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-27289, date: 2017-07-29T00:00:00
db: BID, id: 24962, date: 2016-07-05T21:38:00
db: JVNDB, id: JVNDB-2007-004155, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200707-386, date: 2007-07-23T00:00:00
db: NVD, id: CVE-2007-3927, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-27289, date: 2007-07-21T00:00:00
db: BID, id: 24962, date: 2007-07-18T00:00:00
db: JVNDB, id: JVNDB-2007-004155, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 57869, date: 2007-07-20T05:47:25
db: CNNVD, id: CNNVD-200707-386, date: 2007-07-20T00:00:00
db: NVD, id: CVE-2007-3927, date: 2007-07-21T00:30:00