ID CVE-2005-1256
Summary Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
References
Vulnerable Configurations
  • cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
    cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ipswitch:imail_server:8.2:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:ipswitch:imail_server:8.2:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*
    cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 15-11-2008 - 05:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 13727
confirm http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
idefense 20050524 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability
sectrack 1014047
saint via4
  • bid 13727
    description IMail IMAP LOGIN special character vulnerability
    id mail_imap_imail
    osvdb 16804
    title imail_imap_login_specialchar
    type remote
  • bid 13727
    description IMail IMAP STATUS buffer overflow
    id mail_imap_imail
    osvdb 16806
    title imail_imap_status
    type remote
Last major update 15-11-2008 - 05:46
Published 25-05-2005 - 04:00
Last modified 15-11-2008 - 05:46
Back to Top