Vulnerability Name:

CVE-2007-2795 (CCN-35504)

Assigned:2007-07-18
Published:2007-07-18
Updated:2009-01-28
Summary:Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2795

Source: MITRE
Type: CNA
CVE-2007-3927

Source: CCN
Type: SA26123
Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows

Source: CCN
Type: SECTRACK ID: 1018421
IMail Server Heap Overflow in `Imailsec.dll` Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Ipswitch Inc. Web site
Release notes for IMail Server 2006.21 (v9.21)

Source: CONFIRM
Type: Patch
http://www.ipswitch.com/support/imail/releases/im200621.asp

Source: CCN
Type: OSVDB ID: 45818
Ipswitch IMail Server Imailsec Unspecified Remote Code Execution

Source: CCN
Type: OSVDB ID: 45819
Ipswitch IMail Server subscribe Function Unspecified Issue

Source: CCN
Type: BID-24962
Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities

Source: MISC
Type: Patch
http://www.zerodayinitiative.com/advisories/ZDI-07-042/

Source: MISC
Type: Patch
http://www.zerodayinitiative.com/advisories/ZDI-07-043/

Source: XF
Type: UNKNOWN
ipswitch-imail-imailsec-bo(35504)

Source: CCN
Type: ZDI-07-042
Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ipswitch:imail:2006.1:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:*:*:*:*:*:*:*:* (Version <= 2006.2)

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-2795 (CCN-35505)

    Assigned:2007-07-18
    Published:2007-07-18
    Updated:2009-01-28
    Summary:Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    7.5 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-119
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2007-2795

    Source: MITRE
    Type: CNA
    CVE-2007-3927

    Source: CCN
    Type: SA26123
    Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows

    Source: CCN
    Type: SECTRACK ID: 1018421
    IMail Server Heap Overflow in `Imailsec.dll` Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Ipswitch Inc. Web site
    Release notes for IMail Server 2006.21 (v9.21)

    Source: CCN
    Type: OSVDB ID: 45818
    Ipswitch IMail Server Imailsec Unspecified Remote Code Execution

    Source: CCN
    Type: OSVDB ID: 45819
    Ipswitch IMail Server subscribe Function Unspecified Issue

    Source: CCN
    Type: BID-24962
    Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    ipswitch-imail-subscribe-bo(35505)

    Source: CCN
    Type: ZDI-07-043
    Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability

    BACK
    ipswitch imail 2006.1
    ipswitch imail *