Sign-up

ID

VAR-200707-0144


CVE

CVE-2007-3959


TITLE

ICS of Ipswitch Instant Messaging of IM Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-004173

DESCRIPTION

The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. (1) DoAttachVideoSender function (2) DoAttachVideoReceiver function (3) DoAttachAudioSender function (4) DoAttachAudioReceiver function. Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data. Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users. Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected. Ipswitch Instant Messaging is the instant messaging software bundled in the Ipswitch collaboration component. The vulnerable code can be reached through the following functions: DoAttachVideoSender DoAttachVideoReceiver DoAttachAudioSender DoAttachAudioReceiver. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is reported in version 2.0.5.30. SOLUTION: Update to version 2.0.7. http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous researcher and reported via iDefense. ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-3959 // JVNDB: JVNDB-2007-004173 // BID: 25031 // VULHUB: VHN-27321 // PACKETSTORM: 57984

AFFECTED PRODUCTS

vendor:ipswitchmodel:imserverscope:eqversion:2.0.5.30

Trust: 1.6

vendor:ipswitchmodel:collaboration suitescope:lteversion:2.07

Trust: 1.0

vendor:ipswitchmodel:imserverscope:lteversion:2.0.5.30

Trust: 0.8

vendor:ipswitchmodel:collaboration suitescope:ltversion:2.07

Trust: 0.8

vendor:ipswitchmodel:collaboration suitescope:eqversion:2.07

Trust: 0.6

vendor:ipswitchmodel:instant messengerscope:eqversion:2.0.5.30

Trust: 0.3

vendor:ipswitchmodel:instant messengerscope:neversion:2.07

Trust: 0.3

sources: BID: 25031 // JVNDB: JVNDB-2007-004173 // CNNVD: CNNVD-200707-408 // NVD: CVE-2007-3959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3959
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3959
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200707-408
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27321
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3959
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27321
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27321 // JVNDB: JVNDB-2007-004173 // CNNVD: CNNVD-200707-408 // NVD: CVE-2007-3959

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3959

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-408

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200707-408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-004173

PATCH
title:Instant Messagingurl:http://www.imailserver.com/products/ipswitch-instant-messaging/iim-support/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-004173

EXTERNAL IDS
db:NVDid:CVE-2007-3959
Trust: 2.8
db:BIDid:25031
Trust: 2.0
db:SECUNIAid:26154
Trust: 1.8
db:SECTRACKid:1018440
Trust: 1.7
db:VUPENid:ADV-2007-2621
Trust: 1.7
db:JVNDBid:JVNDB-2007-004173
Trust: 0.8
db:CNNVDid:CNNVD-200707-408
Trust: 0.7
db:IDEFENSEid:20070723 IPSWITCH INSTANT MESSAGING SERVER DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-27321
Trust: 0.1
db:PACKETSTORMid:57984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27321 // 
            
            
            
            BID: 25031 // 
            
            
            
            JVNDB: JVNDB-2007-004173 // 
            
            
            
            PACKETSTORM: 57984 // 
            
            
            
            CNNVD: CNNVD-200707-408 // 
            
            
            
            NVD: CVE-2007-3959

REFERENCES
url:http://www.ipswitch.com/support/instant_messaging/patch-upgrades.asp
Trust: 2.1
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=566
Trust: 2.1
url:http://www.securityfocus.com/bid/25031
Trust: 1.7
url:http://www.securitytracker.com/id?1018440
Trust: 1.7
url:http://secunia.com/advisories/26154
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/2621
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3959
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3959
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/2621
Trust: 0.6
url:/archive/1/474469
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector/
Trust: 0.1
url:http://secunia.com/advisories/26154/
Trust: 0.1
url:http://secunia.com/product/14854/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/5167/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27321 // 
            
            
            
            BID: 25031 // 
            
            
            
            JVNDB: JVNDB-2007-004173 // 
            
            
            
            PACKETSTORM: 57984 // 
            
            
            
            CNNVD: CNNVD-200707-408 // 
            
            
            
            NVD: CVE-2007-3959

CREDITS
iDEFENSE
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200707-408

SOURCES
db:VULHUBid:VHN-27321
db:BIDid:25031
db:JVNDBid:JVNDB-2007-004173
db:PACKETSTORMid:57984
db:CNNVDid:CNNVD-200707-408
db:NVDid:CVE-2007-3959

LAST UPDATE DATE
2025-04-10T23:25:44.967000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-27321date:2011-03-08T00:00:00
db:BIDid:25031date:2015-05-07T17:36:00
db:JVNDBid:JVNDB-2007-004173date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200707-408date:2022-03-10T00:00:00
db:NVDid:CVE-2007-3959date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-27321date:2007-07-24T00:00:00
db:BIDid:25031date:2007-07-23T00:00:00
db:JVNDBid:JVNDB-2007-004173date:2012-09-25T00:00:00
db:PACKETSTORMid:57984date:2007-07-25T01:41:12
db:CNNVDid:CNNVD-200707-408date:2007-07-24T00:00:00
db:NVDid:CVE-2007-3959date:2007-07-24T18:30:00