ID

VAR-200004-0055


CVE

CVE-2000-0301


TITLE

Ipswitch IMAIL server Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

DESCRIPTION

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Due to the implementation of IMail's authentication scheme, the server could be remotely forced to stop responding to login requests. If the client fails to terminate the connection, IMail will not be able to authenticate any other users due to the fact that it can only authorize one user at a time. Once the client times out the connection, IMail will regain normal functionality. Otherwise the service will have to be restarted

Trust: 1.26

sources: NVD: CVE-2000-0301 // BID: 1094 // VULHUB: VHN-1880

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:6.2

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.1

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:6.0

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0.8

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0.7

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0.6

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0.5

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.9

sources: BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0301
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200004-008
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1880
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0301
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1880
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1880 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200004-008

EXTERNAL IDS

db:BIDid:1094

Trust: 2.0

db:NVDid:CVE-2000-0301

Trust: 1.7

db:CNNVDid:CNNVD-200004-008

Trust: 0.7

db:BUGTRAQid:20000405 RE: IMAIL (IPSWITCH) DOS WITH EUDORA (QUALCOMM)

Trust: 0.6

db:VULHUBid:VHN-1880

Trust: 0.1

sources: VULHUB: VHN-1880 // BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

REFERENCES

url:http://support.ipswitch.com/kb/im-20000208-dm02.htm

Trust: 3.0

url:http://www.securityfocus.com/bid/1094

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=95505800117143&w=2

Trust: 2.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2

Trust: 0.6

url:http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1880 // BID: 1094 // CNNVD: CNNVD-200004-008 // NVD: CVE-2000-0301

CREDITS

Posted to Bugtraq on April 5, 2000 by Anthony Santen <anthony@santen.net>.

Trust: 0.3

sources: BID: 1094

SOURCES

db:VULHUBid:VHN-1880
db:BIDid:1094
db:CNNVDid:CNNVD-200004-008
db:NVDid:CVE-2000-0301

LAST UPDATE DATE

2024-11-22T23:00:47.174000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1880date:2016-10-18T00:00:00
db:BIDid:1094date:2000-04-06T00:00:00
db:CNNVDid:CNNVD-200004-008date:2010-12-02T00:00:00
db:NVDid:CVE-2000-0301date:2024-11-20T23:32:11.327

SOURCES RELEASE DATE

db:VULHUBid:VHN-1880date:2000-04-06T00:00:00
db:BIDid:1094date:2000-04-06T00:00:00
db:CNNVDid:CNNVD-200004-008date:2000-04-06T00:00:00
db:NVDid:CVE-2000-0301date:2000-04-06T04:00:00