ID CVE-2005-1255
Summary Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
References
Vulnerable Configurations
  • cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ipswitch:imail_server:8.2:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 15-11-2008 - 05:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 13727
confirm http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html
idefense 20050524 Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities
sectrack 1014047
saint via4
  • bid 13727
    description IMail IMAP LOGIN special character vulnerability
    id mail_imap_imail
    osvdb 16804
    title imail_imap_login_specialchar
    type remote
  • bid 13727
    description IMail IMAP STATUS buffer overflow
    id mail_imap_imail
    osvdb 16806
    title imail_imap_status
    type remote
Last major update 15-11-2008 - 05:46
Published 25-05-2005 - 04:00
Last modified 15-11-2008 - 05:46