CVE-2006-4379 - Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Stan

CVE-2006-4379

Summary

Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.

References

Vulnerable Configurations

cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail_secure_server:2006:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail_secure_server:2006:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_premium:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_premium:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19885
bugtraq	20060907 ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow
confirm	http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp
misc	http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
sectrack	1016803 1016804
secunia	21795
vupen	ADV-2006-3496
xf	ipswitch-smtp-daemon-code-execution(28789)

saint via4

bid	19885
description	IMail SMTP RCPT TO buffer overflow
id	mail_smtp_imail
osvdb	28576
title	imail_smtp_rcpt_to
type	remote

Last major update

17-10-2018 - 21:36

Published

08-09-2006 - 21:04

Last modified

17-10-2018 - 21:36