Vulnerability Name:

CVE-2008-3606 (CCN-44370)

Assigned: 2008-08-08
Published: 2008-08-08
Updated: 2018-10-11
Summary: Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command.
Note: some of these details are obtained from third party information.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Aug 08 2008 - 09:16:08 CDT
[AJECT] WinGate Email Server (IMAP) vulnerability

Source: MITRE
Type: CNA
CVE-2008-3606

Source: CCN
Type: SA31442
WinGate IMAP Server Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
31442

Source: SREASON
Type: UNKNOWN
4146

Source: CCN
Type: SECTRACK ID: 1020644
WinGate IMAP Service Lets Remote Authenticated Users Deny Service

Source: CCN
Type: OSVDB ID: 47360
WinGate IMAP Crafted LIST Command Handling Overflow DoS

Source: BUGTRAQ
Type: UNKNOWN
20080808 [AJECT] WinGate Email Server (IMAP) vulnerability

Source: BID
Type: Exploit
30606

Source: CCN
Type: BID-30606
Qbik WinGate LIST Command Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020644

Source: CCN
Type: WinGate Web site
WinGate Proxy Server

Source: XF
Type: UNKNOWN
wingate-imapserver-bo(44370)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qbik:wingate:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:beta_b:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.0:beta_b:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.1.766:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.0.984:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.1.993:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.1.995:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.2.1000:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.2.1001:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.3.1005:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.4.1025:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:*:*:*:*:*:*:*:* (Version <= 6.2.2)
  • OR cpe:/a:qbik:wingate:6.2.2.1137:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:qbik:wingate:*:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.2.2.1137:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.1.766:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.2.1001:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.3.1005:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.4.1025:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.2.1000:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.1.993:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.1.995:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:6.0.0.984:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.0:beta_b:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.4.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:beta_a:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:beta_b:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:qbik:wingate:4.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    qbik wingate 2.0
    qbik wingate 2.1
    qbik wingate 3.0
    qbik wingate 3.0.5
    qbik wingate 4.0.1
    qbik wingate 4.1 beta_a
    qbik wingate 4.1.0
    qbik wingate 4.1.1
    qbik wingate 4.2.0
    qbik wingate 4.3.0
    qbik wingate 4.3.0 beta_a
    qbik wingate 4.3.0 beta_b
    qbik wingate 4.4.0
    qbik wingate 4.4.0 beta_a
    qbik wingate 4.4.1
    qbik wingate 4.4.2
    qbik wingate 4.5.0 beta_a
    qbik wingate 4.5.0 beta_b
    qbik wingate 4.5.1
    qbik wingate 4.5.2
    qbik wingate 5.0
    qbik wingate 5.0.0
    qbik wingate 5.0.1
    qbik wingate 5.0.1.766
    qbik wingate 5.0.5
    qbik wingate 5.1
    qbik wingate 5.2
    qbik wingate 5.2.2
    qbik wingate 5.2.3
    qbik wingate 6.0
    qbik wingate 6.0.0.984
    qbik wingate 6.0.1.993
    qbik wingate 6.0.1.995
    qbik wingate 6.0.2.1000
    qbik wingate 6.0.2.1001
    qbik wingate 6.0.3.1005
    qbik wingate 6.0.4.1025
    qbik wingate 6.1.1.1077
    qbik wingate 6.1.2.1094
    qbik wingate 6.1.3.1096
    qbik wingate 6.1.4
    qbik wingate 6.2.1
    qbik wingate *
    qbik wingate 6.2.2.1137
    qbik wingate *
    qbik wingate 4.1 beta_a
    qbik wingate 5.0.5
    qbik wingate 6.1.1.1077
    qbik wingate 6.1.2.1094
    qbik wingate 6.1.3.1096
    qbik wingate 6.1.4
    qbik wingate 6.2.2
    qbik wingate 6.2.2.1137
    qbik wingate 5.0.1.766
    qbik wingate 2.1
    qbik wingate 3.0
    qbik wingate 4.0.1
    qbik wingate 5.0
    qbik wingate 5.2.3
    qbik wingate 6.0
    qbik wingate 6.2.1
    qbik wingate 2.0
    qbik wingate 3.0.5
    qbik wingate 6.0.2.1001
    qbik wingate 6.0.3.1005
    qbik wingate 6.0.4.1025
    qbik wingate 6.0.2.1000
    qbik wingate 6.0.1.993
    qbik wingate 6.0.1.995
    qbik wingate 6.0.0.984
    qbik wingate 5.2
    qbik wingate 5.2.2
    qbik wingate 5.0.0
    qbik wingate 5.0.1
    qbik wingate 5.1
    qbik wingate 4.5.2
    qbik wingate 4.5.0 beta_a
    qbik wingate 4.5.0 beta_b
    qbik wingate 4.5.1
    qbik wingate 4.4.2
    qbik wingate 4.4.0
    qbik wingate 4.4.1
    qbik wingate 4.4.0 beta_a
    qbik wingate 4.3.0 beta_a
    qbik wingate 4.3.0 beta_b
    qbik wingate 4.3.0
    qbik wingate 4.1.0
    qbik wingate 4.1.1
    qbik wingate 4.2.0