Vulnerability Name:

CCN-1899

Published:1999-03-01
Updated:1999-03-01
Summary:The Whois32 service included in the IMail package is vulnerable to a buffer overflow that could allow a remote attacker to crash the service. It not known whether this vulnerability can be manipulated to execute arbitrary code on the victim computer.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: eEye Digital Security Team Alert AD03011999
Multiple IMail Vulnerabilites

Source: CCN
Type: Ipswitch, Inc. Product Information
IMail Server by Ipswitch

Source: CCN
Type: BID-506
NT IMail Whois32 Daemon Buffer Overflow DoS Vulnerability

Source: XF
Type: UNKNOWN
imail-whois-overflow(1899)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ipswitch:imail_server:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ipswitch imail server *
    microsoft windows nt 4.0
    microsoft windows 2000 *
    microsoft windows 2003_server