Sign-up

ID

VAR-200708-0527


TITLE

Ipswitch IMail Server SEARCH Command Remote Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2007-4832

DESCRIPTION

Ipswitch IMail Server is a mail server bundled in the Ipswitch collaboration component. A buffer overflow vulnerability exists in the IMail server processing parameters of the SEARCH command request. A remote attacker could exploit this vulnerability to control the server. The IMail server has a stack buffer overflow problem when dealing with multiple options of the SEARCH command (BEFORE, ON, SINCE, SENTBEFORE, SENTON, SENTSINCE). The remote attacker can trigger an overflow by submitting a malformed SEARCH request, resulting in arbitrary instructions. Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions. These versions are reported vulnerable to these issues: Ipswitch Collaboration Suite (ICS) 2006 IMail Premium 2006.2 and 2006.21 Other versions may also be affected. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. This can be exploited to cause stack-based buffer overflows via overly long, quoted or unquoted arguments passed to the command. Successful exploitation allows execution of arbitrary code. Other versions may also be affected. SOLUTION: Grant only trusted users access to the IMAP service. PROVIDED AND/OR DISCOVERED BY: Independently discovered by: * Secunia Research * ZhenHan Liu, Ph4nt0m Security Team. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2007-4832 // BID: 25176 // PACKETSTORM: 58238

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2007-4832

AFFECTED PRODUCTS

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:ipswitchmodel:imail server premiumscope:eqversion:2006.21

Trust: 0.3

vendor:ipswitchmodel:imail server premiumscope:eqversion:2006.2

Trust: 0.3

vendor:ipswitchmodel:collaboration suitescope:eqversion:2006

Trust: 0.3

sources: CNVD: CNVD-2007-4832 // BID: 25176

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2007-4832
value: HIGH

Trust: 0.6

CNVD: CNVD-2007-4832
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2007-4832

THREAT TYPE

network

Trust: 0.3

sources: BID: 25176

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 25176

EXTERNAL IDS

db:BIDid:25176

Trust: 0.9

db:SECUNIAid:26193

Trust: 0.7

db:CNVDid:CNVD-2007-4832

Trust: 0.6

db:PACKETSTORMid:58238

Trust: 0.1

sources: CNVD: CNVD-2007-4832 // BID: 25176 // PACKETSTORM: 58238

REFERENCES

url:http://secunia.com/advisories/26193/

Trust: 0.7

url:http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/8653/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/8652/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2007-4832 // BID: 25176 // PACKETSTORM: 58238

CREDITS

ZhenHan Liu, Ph4nt0m Security Team and Secunia Research are credited with discovering these issues.

Trust: 0.3

sources: BID: 25176

SOURCES

db:CNVDid:CNVD-2007-4832
db:BIDid:25176
db:PACKETSTORMid:58238

LAST UPDATE DATE

2022-05-17T22:39:10.182000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2007-4832date:2014-01-24T00:00:00
db:BIDid:25176date:2007-08-03T00:05:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2007-4832date:2007-08-02T00:00:00
db:BIDid:25176date:2007-08-02T00:00:00
db:PACKETSTORMid:58238date:2007-08-08T04:01:26