Details of VAR-200004-0055

ID

VAR-200004-0055

CVE

CVE-2000-0301

TITLE

Ipswitch IMAIL server Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

DESCRIPTION

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Due to the implementation of IMail's authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time. Once the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted

Trust: 1.26

sources: NVD: CVE-2000-0301 // BID: 1094 // VULHUB: VHN-1880

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	6.2	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.1	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.8	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.7	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.6	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.5	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0	Trust: 1.9

sources: BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0301
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200004-008
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1880
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2000-0301
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1880
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1880 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

EXTERNAL IDS

db:	BID	id:	1094	Trust: 2.0
db:	NVD	id:	CVE-2000-0301	Trust: 1.7
db:	CNNVD	id:	CNNVD-200004-008	Trust: 0.7
db:	BUGTRAQ	id:	20000405 RE: IMAIL (IPSWITCH) DOS WITH EUDORA (QUALCOMM)	Trust: 0.6
db:	VULHUB	id:	VHN-1880	Trust: 0.1

sources: VULHUB: VHN-1880 // BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

REFERENCES

url:	http://support.ipswitch.com/kb/im-20000208-dm02.htm	Trust: 2.0
url:	http://www.securityfocus.com/bid/1094	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=95505800117143&w=2	Trust: 1.1
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2	Trust: 0.6
url:	http://www.ipswitch.com/products/imail_server/index.html	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-1880 // BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

CREDITS

Posted to Bugtraq on April 5, 2000 by Anthony Santen <anthony@santen.net>.

Trust: 0.3

sources: BID: 1094

SOURCES

db:	VULHUB	id:	VHN-1880
db:	BID	id:	1094
db:	CNNVD	id:	CNNVD-200004-008
db:	NVD	id:	CVE-2000-0301

LAST UPDATE DATE

2024-08-14T15:31:21.799000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1880	date:	2016-10-18T00:00:00
db:	BID	id:	1094	date:	2000-04-06T00:00:00
db:	CNNVD	id:	CNNVD-200004-008	date:	2010-12-02T00:00:00
db:	NVD	id:	CVE-2000-0301	date:	2016-10-18T02:06:42.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1880	date:	2000-04-06T00:00:00
db:	BID	id:	1094	date:	2000-04-06T00:00:00
db:	CNNVD	id:	CNNVD-200004-008	date:	2000-04-06T00:00:00
db:	NVD	id:	CVE-2000-0301	date:	2000-04-06T04:00:00