Vulnerability Name:

CCN-1896

Published:1999-03-01
Updated:1999-03-01
Summary:IMail is vulnerable to a buffer overflow in the Lightweight Directory Access Protocol (LDAP) server. By sending a large number of characters to the LDAP server, a remote attacker can overflow the buffer and cause the LDAP service to consume all available resources on the server. It is not known whether an attacker can use this vulnerability to execute arbitrary code.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: eEye Digital Security Team Alert AD03011999
Multiple IMail Vulnerabilites

Source: CCN
Type: Ipswitch, Inc. Product Information
IMail Server by Ipswitch

Source: XF
Type: UNKNOWN
imail-ldap-overflow(1896)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ipswitch:imail_server:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ipswitch imail server *
    microsoft windows *