ID

VAR-200411-0057


CVE

CVE-2004-0297


TITLE

IMail Server LDAP daemon buffer overflow

Trust: 0.8

sources: CERT/CC: VU#972334

DESCRIPTION

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. Ipswitch IMail from Ipswitch, Inc. contains an unspecified vulnerability. The Ipswitch LDAP daemon has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists due to a lack of sufficient boundary checks performed on user-supplied LDAP tags. When attacker-supplied data containing large LDAP tags is processed by the affected service, a stack-based buffer overflow condition will be triggered. A remote attacker may exploit this condition to execute arbitrary instructions in the security context of the affected service. Ipswitch IMail Server is a web-based mail solution. The Ipswitch LDAP daemon does not adequately check user-supplied LDAP tokens. Each tag in an LDAP message consists of a length and its content. The following tag bytes, 0x02 0x03 0x0A 0x25 0xBD, represent integers 665, 501 (0xA25BD). If the tag length supplied by the attacker is too large, the program copies the user-supplied data according to that tag length when it processes the message. Because bounds checks are insufficient, memory addresses on the stack may be overwritten by the following instruction: .text:00401188 mov byte ptr [ebp+ecx+var_4], dl. Carefully crafted data may allow arbitrary instructions to be executed on the system with the privileges of the LDAP daemon process.

Trust: 2.7

sources: NVD: CVE-2004-0297 // CERT/CC: VU#972334 // JVNDB: JVNDB-2004-000790 // BID: 9682 // VULHUB: VHN-8727

AFFECTED PRODUCTS

vendor: ipswitch, model: imail, scope: eq, version: 8.0.5

Trust: 2.7

vendor: ipswitch, model: imail, scope: eq, version: 8.0.3

Trust: 2.7

vendor: ipswitch, model: -, scope: -, version: -

Trust: 0.8

vendor: ipswitch, model: imail, scope: eq, version: -

Trust: 0.8

vendor: ipswitch, model: imail, scope: -, version: -

Trust: 0.8

sources: CERT/CC: VU#972334 // BID: 9682 // JVNDB: JVNDB-2004-000790 // CNNVD: CNNVD-200411-149 // NVD: CVE-2004-0297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0297
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#972334
value: 38.48

Trust: 0.8

NVD: CVE-2004-0297
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200411-149
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8727
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0297
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8727
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#972334 // VULHUB: VHN-8727 // JVNDB: JVNDB-2004-000790 // CNNVD: CNNVD-200411-149 // NVD: CVE-2004-0297

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000790 // NVD: CVE-2004-0297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-149

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200411-149

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8727

EXTERNAL IDS

db: CERT/CC, id: VU#972334

Trust: 3.3

db: NVD, id: CVE-2004-0297

Trust: 3.3

db: BID, id: 9682

Trust: 2.8

db: OSVDB, id: 3984

Trust: 1.7

db: SECUNIA, id: 10880

Trust: 0.8

db: JVNDB, id: JVNDB-2004-000790

Trust: 0.8

db: CNNVD, id: CNNVD-200411-149

Trust: 0.7

db: IDEFENSE, id: 20040217 IPSWITCH IMAIL LDAP DAEMON REMOTE BUFFER OVERFLOW

Trust: 0.6

db: XF, id: 15243

Trust: 0.6

db: SEEBUG, id: SSVID-71326

Trust: 0.1

db: PACKETSTORM, id: 83017

Trust: 0.1

db: EXPLOIT-DB, id: 157

Trust: 0.1

db: EXPLOIT-DB, id: 16824

Trust: 0.1

db: VULHUB, id: VHN-8727

Trust: 0.1

sources: CERT/CC: VU#972334 // VULHUB: VHN-8727 // BID: 9682 // JVNDB: JVNDB-2004-000790 // CNNVD: CNNVD-200411-149 // NVD: CVE-2004-0297

REFERENCES

url:http://www.securityfocus.com/bid/9682

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/972334

Trust: 2.5

url:http://www.idefense.com/application/poi/display?id=74

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15243

Trust: 1.9

url:http://www.ipswitch.com/support/imail/releases/imail_professional/im805hf2.html

Trust: 1.7

url:http://www.osvdb.org/3984

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=74&type=vulnerabilities

Trust: 0.8

url:http://secunia.com/advisories/10880/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2004-0297

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/15243

Trust: 0.6

url:http://www.ipswitch.com/products/imail_server/index.asp

Trust: 0.3

url:/archive/1/354237

Trust: 0.3

sources: CERT/CC: VU#972334 // VULHUB: VHN-8727 // BID: 9682 // JVNDB: JVNDB-2004-000790 // CNNVD: CNNVD-200411-149 // NVD: CVE-2004-0297

CREDITS

iDEFENSE Labs (labs@idefense.com)

Trust: 0.6

sources: CNNVD: CNNVD-200411-149

SOURCES

db: CERT/CC, id: VU#972334
db: VULHUB, id: VHN-8727
db: BID, id: 9682
db: JVNDB, id: JVNDB-2004-000790
db: CNNVD, id: CNNVD-200411-149
db: NVD, id: CVE-2004-0297

LAST UPDATE DATE

2024-08-14T14:29:27.650000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#972334, date: 2004-03-19T00:00:00
db: VULHUB, id: VHN-8727, date: 2017-10-10T00:00:00
db: BID, id: 9682, date: 2004-02-17T00:00:00
db: JVNDB, id: JVNDB-2004-000790, date: 2024-05-31T10:31:00
db: CNNVD, id: CNNVD-200411-149, date: 2005-05-13T00:00:00
db: NVD, id: CVE-2004-0297, date: 2017-10-10T01:30:19.640

SOURCES RELEASE DATE

db: CERT/CC, id: VU#972334, date: 2004-02-23T00:00:00
db: VULHUB, id: VHN-8727, date: 2004-11-23T00:00:00
db: BID, id: 9682, date: 2004-02-17T00:00:00
db: JVNDB, id: JVNDB-2004-000790, date: 2024-05-31T00:00:00
db: CNNVD, id: CNNVD-200411-149, date: 2004-02-17T00:00:00
db: NVD, id: CVE-2004-0297, date: 2004-11-23T05:00:00