CVE-2005-1249 - The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause

CVE-2005-1249

Summary

The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.

References

Vulnerable Configurations

cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 15-11-2008 - 05:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	13727
confirm	http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
idefense	20050524 Ipswitch IMail IMAP LSUB DoS Vulnerability
sectrack	1014047

saint via4

bid 13727
description IMail IMAP LOGIN special character vulnerability
id mail_imap_imail
osvdb 16804
title imail_imap_login_specialchar
type remote
bid 13727
description IMail IMAP STATUS buffer overflow
id mail_imap_imail
osvdb 16806
title imail_imap_status
type remote

Last major update

15-11-2008 - 05:46

Published

25-05-2005 - 04:00

Last modified

15-11-2008 - 05:46