ID

VAR-200102-0075


CVE

CVE-2001-0039


TITLE

IBM AIX setclock buffer overflow in remote timeserver argument

Trust: 0.8

sources: CERT/CC: VU#739201

DESCRIPTION

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. There is a vulnerability in IPSwitch IMail version 6.0.5. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Products affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 1 Internet Explorer 6 for Microsoft Windows XP Service Pack 2 Internet Explorer 6 for Microsoft Windows Server 2003 Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language. Overview: There exists a buffer overflow in Microsoft Internet Explorer in the parsing of DBCS URLS. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. This attack may be utilized wherever IE parses HTML, such as webpages, email, newsgroups, and within applications utilizing web-browsing functionality. Details: URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution. Exploiting this vulnerability seems to need a lot of more work but we believe that exploitation is possible. POC: No PoC will be released for this. FIX: Microsoft has released an update for Internet Explorer which is set to address this issue. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx Vendor Response: 2005.12.29 Vendor notified via secure@microsoft.com 2005.12.29 Vendor responded 2006.04.11 Vendor released MS06-0xx patch 2006.04.11 Advisory released Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-1189 Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys, all XFocus and 0x557 guys :) References: 1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx 2. http://www.nsfocus.com/english/homepage/research/0008.htm 3. http://xforce.iss.net/xforce/xfdb/5729 4. http://www.securityfocus.com/bid/2100/discuss 5. http://www.inter-locale.com/whitepaper/IUC27-a303.html 6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx 7. [Mozilla Firefox IDN "Host:" Buffer Overflow] http://www.security-protocols.com/advisory/sp-x17-advisory.txt 8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow] http://www.security-protocols.com/advisory/sp-x18-advisory.txt 9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com /research/devnotes/1995/may/02/05.htm -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"

Trust: 3.96

sources: NVD: CVE-2001-0039 // CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2861 // PACKETSTORM: 45442

AFFECTED PRODUCTS

vendor:ibmmodel: - scope: - version: -

Trust: 2.4

vendor:ipswitchmodel:imailscope:eqversion:6.0.5

Trust: 1.6

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#886953 // CNNVD: CNNVD-200102-106 // NVD: CVE-2001-0039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0039
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#739201
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#808633
value: 5.36

Trust: 0.8

CARNEGIE MELLON: VU#872257
value: 7.09

Trust: 0.8

CARNEGIE MELLON: VU#886953
value: 15.19

Trust: 0.8

CNNVD: CNNVD-200102-106
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2861
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0039
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2861
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2861 // CNNVD: CNNVD-200102-106 // NVD: CVE-2001-0039

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0039

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 45442 // CNNVD: CNNVD-200102-106

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200102-106

EXTERNAL IDS

db:NVDid:CVE-2001-0039

Trust: 1.7

db:BIDid:2083

Trust: 1.7

db:BIDid:2035

Trust: 0.8

db:XFid:5618

Trust: 0.8

db:CERT/CCid:VU#739201

Trust: 0.8

db:BIDid:2033

Trust: 0.8

db:XFid:5620

Trust: 0.8

db:CERT/CCid:VU#808633

Trust: 0.8

db:BIDid:2034

Trust: 0.8

db:XFid:5619

Trust: 0.8

db:CERT/CCid:VU#872257

Trust: 0.8

db:BIDid:2032

Trust: 0.8

db:XFid:5621

Trust: 0.8

db:CERT/CCid:VU#886953

Trust: 0.8

db:CNNVDid:CNNVD-200102-106

Trust: 0.7

db:BUGTRAQid:20001206 DOS BY SMTP AUTH COMMAND IN IPSWITCH IMAIL SERVER

Trust: 0.6

db:XFid:5674

Trust: 0.6

db:VULHUBid:VHN-2861

Trust: 0.1

db:XFid:5729

Trust: 0.1

db:BIDid:2100

Trust: 0.1

db:PACKETSTORMid:45442

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2861 // PACKETSTORM: 45442 // CNNVD: CNNVD-200102-106 // NVD: CVE-2001-0039

REFERENCES

url:http://www.securityfocus.com/bid/2083

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html

Trust: 1.7

url:http://www.ipswitch.com/support/imail/news.html

Trust: 1.7

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139925+stiy08143+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08143

Trust: 1.6

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137627+stiy08287+usbin

Trust: 1.6

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08287

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5674

Trust: 1.1

url:http://www.securityfocus.com/bid/2035

Trust: 0.8

url:http://xforce.iss.net/static/5618.php

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da139817+stiy07831+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07831

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da137621+stiy07790+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy07790

Trust: 0.8

url:http://www.securityfocus.com/bid/2033

Trust: 0.8

url:http://xforce.iss.net/static/5620.php

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/digest.htm#a26p05a6

Trust: 0.8

url:http://www.securityfocus.com/bid/2034

Trust: 0.8

url:http://xforce.iss.net/static/5619.php

Trust: 0.8

url:http://www.rs6000.ibm.com/idd500/usr/share/man/info/en_us/a_doc_lib/cmds/aixcmds2/enq.htm#a200977f

Trust: 0.8

url:http://www.securityfocus.com/bid/2032

Trust: 0.8

url:http://xforce.iss.net/static/5621.php

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da114623+stiy10721+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy10721

Trust: 0.8

url:http://techsupport.services.ibm.com/rs6000/aix.uhuic_getrec?args=dvhuron.boulder.ibm.com+dbaix+da123587+stiy08812+usbin

Trust: 0.8

url:http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=iy08812

Trust: 0.8

url:http://www.rs6000.ibm.com/doc_link/en_us/a_doc_lib/cmds/aixcmds5/setsenv.htm#wpg2f0frit

Trust: 0.8

url:http://xforce.iss.net/static/5674.php

Trust: 0.6

url:http://www.inter-locale.com/whitepaper/iuc27-a303.html

Trust: 0.1

url:http://xforce.iss.net/xforce/xfdb/5729

Trust: 0.1

url:http://www.security-protocols.com/advisory/sp-x17-advisory.txt

Trust: 0.1

url:http://www.nsfocus.com/english/homepage/research/0008.htm

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx

Trust: 0.1

url:http://www.nevisnetworks.com

Trust: 0.1

url:http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx

Trust: 0.1

url:http://www.security-protocols.com/advisory/sp-x18-advisory.txt

Trust: 0.1

url:http://secway.org

Trust: 0.1

url:http://www.securityfocus.com/bid/2100/discuss

Trust: 0.1

url:http://secway.org/advisory/ad20060411.txt

Trust: 0.1

url:http://cve.mitre.org),

Trust: 0.1

url:http://72.14.203.104/search?q=cache:dxn-v4fil1ij:developer.novell.com

Trust: 0.1

sources: CERT/CC: VU#739201 // CERT/CC: VU#808633 // CERT/CC: VU#872257 // CERT/CC: VU#886953 // VULHUB: VHN-2861 // PACKETSTORM: 45442 // CNNVD: CNNVD-200102-106 // NVD: CVE-2001-0039

CREDITS

Sowhat

Trust: 0.1

sources: PACKETSTORM: 45442

SOURCES

db:CERT/CCid:VU#739201
db:CERT/CCid:VU#808633
db:CERT/CCid:VU#872257
db:CERT/CCid:VU#886953
db:VULHUBid:VHN-2861
db:PACKETSTORMid:45442
db:CNNVDid:CNNVD-200102-106
db:NVDid:CVE-2001-0039

LAST UPDATE DATE

2024-11-23T20:34:12.837000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:VULHUBid:VHN-2861date:2017-10-10T00:00:00
db:CNNVDid:CNNVD-200102-106date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0039date:2017-10-10T01:29:33.263

SOURCES RELEASE DATE

db:CERT/CCid:VU#739201date:2001-09-28T00:00:00
db:CERT/CCid:VU#808633date:2001-09-28T00:00:00
db:CERT/CCid:VU#872257date:2001-09-28T00:00:00
db:CERT/CCid:VU#886953date:2001-09-28T00:00:00
db:VULHUBid:VHN-2861date:2001-02-16T00:00:00
db:PACKETSTORMid:45442date:2006-04-14T01:00:47
db:CNNVDid:CNNVD-200102-106date:2001-02-16T00:00:00
db:NVDid:CVE-2001-0039date:2001-02-16T05:00:00