Sign-up

ID

VAR-201710-0926


CVE

CVE-2017-12639


TITLE

Ipswitch IMail Server Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-008530 // CNNVD: CNNVD-201710-443

DESCRIPTION

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. Ipswitch IMail Server Contains a buffer error vulnerability. This vulnerability is also known as “ ETRE Or ETCTERARED Is called.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. A remote attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.71

sources: NVD: CVE-2017-12639 // JVNDB: JVNDB-2017-008530 // VULHUB: VHN-103181

AFFECTED PRODUCTS

vendor:ipswitchmodel:imail serverscope:lteversion:12.5.5

Trust: 1.8

vendor:ipswitchmodel:imail serverscope:eqversion:12.5.5

Trust: 0.6

sources: JVNDB: JVNDB-2017-008530 // CNNVD: CNNVD-201710-443 // NVD: CVE-2017-12639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12639
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12639
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201710-443
value: HIGH

Trust: 0.6

VULHUB: VHN-103181
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12639
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-103181
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12639
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103181 // JVNDB: JVNDB-2017-008530 // CNNVD: CNNVD-201710-443 // NVD: CVE-2017-12639

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103181 // JVNDB: JVNDB-2017-008530 // NVD: CVE-2017-12639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-443

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201710-443

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008530

PATCH
title:Release Notes for IMail Server v12.5.6url:https://docs.ipswitch.com/_Messaging/IMailServer/v12.5.6/ReleaseNotes/index.htm#link8
Trust: 0.8
title:Ipswitch IMail Server Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75525
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-008530 // 
            
            
            
            CNNVD: CNNVD-201710-443

EXTERNAL IDS
db:NVDid:CVE-2017-12639
Trust: 2.5
db:JVNDBid:JVNDB-2017-008530
Trust: 0.8
db:CNNVDid:CNNVD-201710-443
Trust: 0.7
db:VULHUBid:VHN-103181
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103181 // 
            
            
            
            JVNDB: JVNDB-2017-008530 // 
            
            
            
            CNNVD: CNNVD-201710-443 // 
            
            
            
            NVD: CVE-2017-12639

REFERENCES
url:https://docs.ipswitch.com/_messaging/imailserver/v12.5.6/releasenotes/index.htm#link8
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12639
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12639
Trust: 0.8
sources:
            
            
            VULHUB: VHN-103181 // 
            
            
            
            JVNDB: JVNDB-2017-008530 // 
            
            
            
            CNNVD: CNNVD-201710-443 // 
            
            
            
            NVD: CVE-2017-12639

SOURCES
db:VULHUBid:VHN-103181
db:JVNDBid:JVNDB-2017-008530
db:CNNVDid:CNNVD-201710-443
db:NVDid:CVE-2017-12639

LAST UPDATE DATE
2025-04-20T23:34:17.471000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103181date:2017-10-10T00:00:00
db:JVNDBid:JVNDB-2017-008530date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201710-443date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12639date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103181date:2017-10-03T00:00:00
db:JVNDBid:JVNDB-2017-008530date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201710-443date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12639date:2017-10-03T01:29:01.293