| Vulnerability Name: | CVE-2005-1256 (CCN-20713) | ||||||||
| Assigned: | 2005-05-24 | ||||||||
| Published: | 2005-05-24 | ||||||||
| Updated: | 2008-11-15 | ||||||||
| Summary: | Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Ipswitch FTP Product Support Web page IMail Source: MITRE Type: CNA CVE-2005-1256 Source: CCN Type: SECTRACK ID: 1014047 IPswitch IMail Bugs Let Remote Users View Files and Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1014047 Source: CCN Type: iDEFENSE Security Advisory 05.24.05 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability Source: IDEFENSE Type: Vendor Advisory 20050524 Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability Source: CCN Type: Ipswitch Web site Welcome to Ipswitch Source: CCN Type: Ipswitch IMail Server 8.15 Hotfix 2 Support Source: CCN Type: Ipswitch IMail Server 8.2 Hotfix 2 Support Source: CONFIRM Type: Patch http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html Source: CCN Type: OSVDB ID: 16806 Ipswitch IMail IMAP STATUS Command Mailbox Name Overflow Source: BID Type: UNKNOWN 13727 Source: CCN Type: BID-13727 Ipswitch IMail Server Multiple Vulnerabilities Source: XF Type: UNKNOWN imail-status-bo(20713) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||