var-200609-0308
Vulnerability from variot
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability
SECUNIA ADVISORY ID: SA21795
VERIFY ADVISORY: http://secunia.com/advisories/21795/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/
DESCRIPTION: A vulnerability has been reported in IMail Server, which can be exploited by malicious people to compromise a vulnerable system.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006
-- CVE ID: CVE-2006-4379
-- Affected Vendor: Ipswitch
-- Affected Products: ICS/IMail Server 2006
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since August 31, 2006 by Digital Vaccine protection filter ID 4496.
-- Vendor Response: Ipswitch has issued an update, version 2006.1, to correct this vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im20061.asp
-- Disclosure Timeline: 2006.06.22 - Vulnerability reported to vendor 2006.08.31 - Digital Vaccine released to TippingPoint customers 2006.09.07 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "imail secure server",
"scope": "eq",
"trust": 2.7,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail plus",
"scope": "eq",
"trust": 2.4,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_premium"
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_standard"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": "collaboration suite",
"scope": "eq",
"trust": 0.8,
"vendor": "ipswitch",
"version": "2006 suite premium and standard editions"
},
{
"_id": null,
"model": "imail",
"scope": null,
"trust": 0.7,
"vendor": "ipswitch",
"version": null
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail server",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006"
},
{
"_id": null,
"model": "imail plus",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "0"
},
{
"_id": null,
"model": "collaboration suite standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"_id": null,
"model": "collaboration suite premium edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
},
{
"_id": null,
"model": "imail server",
"scope": "ne",
"trust": 0.3,
"vendor": "ipswitch",
"version": "2006.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ipswitch:imail_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ipswitch:imail_secure_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ipswitch:ipswitch_collaboration_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-028"
}
],
"trust": 0.7
},
"cve": "CVE-2006-4379",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-4379",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-20487",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4379",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#542197",
"trust": 0.8,
"value": "12.86"
},
{
"author": "NVD",
"id": "CVE-2006-4379",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20487",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"description": {
"_id": null,
"data": "Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an \u0027@\u0027 character and before a \u0027:\u0027 character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters \u0027@\u0027 and \u0027:\u0027 leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. \nIpswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server SMTP Service Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21795\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21795/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Secure Server 2006\nhttp://secunia.com/product/8651/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nA vulnerability has been reported in IMail Server, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nORIGINAL ADVISORY:\nhttp://www.ipswitch.com/support/ics/updates/ics20061.asp\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-028.html\nSeptember 7, 2006\n\n-- CVE ID:\nCVE-2006-4379\n\n-- Affected Vendor:\nIpswitch\n\n-- Affected Products:\nICS/IMail Server 2006\n\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since August 31, 2006 by Digital Vaccine protection\nfilter ID 4496. \n\n-- Vendor Response:\nIpswitch has issued an update, version 2006.1, to correct this\nvulnerability. More details can be found at:\n\nhttp://www.ipswitch.com/support/imail/releases/im20061.asp\n\n-- Disclosure Timeline:\n2006.06.22 - Vulnerability reported to vendor\n2006.08.31 - Digital Vaccine released to TippingPoint customers\n2006.09.07 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4379"
},
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
}
],
"trust": 3.51
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20487",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20487"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2006-4379",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "21795",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-06-028",
"trust": 2.5
},
{
"db": "BID",
"id": "19885",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3496",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016803",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016804",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#542197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-067",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060907 ZDI-06-028: IPSWITCH COLLABORATION SUITE SMTP SERVER STACK OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "28789",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49828",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "3264",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2601",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "3265",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20487",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49786",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "BID",
"id": "19885"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"id": "VAR-200609-0308",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20487"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:50:25.028000Z",
"patch": {
"_id": null,
"data": [
{
"title": "im20061",
"trust": 1.5,
"url": "http://www.ipswitch.com/support/imail/releases/im20061.asp"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "http://www.ipswitch.com/support/imail/releases/im20061.asp"
},
{
"trust": 2.6,
"url": "http://www.ipswitch.com/support/ics/updates/ics20061.asp"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-028.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19885"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016803"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016804"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21795"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445521/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3496"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28789"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/21795/"
},
{
"trust": 0.8,
"url": "http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg108403.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4379"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4379"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3496"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28789"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445521/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8653/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8651/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8652/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4379"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
},
{
"db": "ZDI",
"id": "ZDI-06-028"
},
{
"db": "VULHUB",
"id": "VHN-20487"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006"
},
{
"db": "PACKETSTORM",
"id": "49786"
},
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
},
{
"db": "NVD",
"id": "CVE-2006-4379"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#542197",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-06-028",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-20487",
"ident": null
},
{
"db": "BID",
"id": "19885",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002006",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "49786",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "49828",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-4379",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-12-07T00:00:00",
"db": "CERT/CC",
"id": "VU#542197",
"ident": null
},
{
"date": "2006-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-06-028",
"ident": null
},
{
"date": "2006-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-20487",
"ident": null
},
{
"date": "2006-09-07T00:00:00",
"db": "BID",
"id": "19885",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002006",
"ident": null
},
{
"date": "2006-09-08T05:23:41",
"db": "PACKETSTORM",
"id": "49786",
"ident": null
},
{
"date": "2006-09-08T06:50:37",
"db": "PACKETSTORM",
"id": "49828",
"ident": null
},
{
"date": "2006-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-136",
"ident": null
},
{
"date": "2006-09-08T21:04:00",
"db": "NVD",
"id": "CVE-2006-4379",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2006-12-07T00:00:00",
"db": "CERT/CC",
"id": "VU#542197",
"ident": null
},
{
"date": "2006-09-08T00:00:00",
"db": "ZDI",
"id": "ZDI-06-028",
"ident": null
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20487",
"ident": null
},
{
"date": "2007-02-05T16:18:00",
"db": "BID",
"id": "19885",
"ident": null
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002006",
"ident": null
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-136",
"ident": null
},
{
"date": "2024-11-21T00:15:49.037000",
"db": "NVD",
"id": "CVE-2006-4379",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "49828"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "The Ipswitch IMail Server is vulnerable to a buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#542197"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-136"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.