Details of VAR-200412-0343

ID

VAR-200412-0343

CVE

CVE-2004-2422

TITLE

Ipswitch IMail Server Multiple Buffer Overflow Denial Of Service Vulnerabilities

Trust: 0.9

sources: BID: 11106 // CNNVD: CNNVD-200412-1106

DESCRIPTION

Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. These vulnerabilities allow a remote attacker to crash the affected application, denying service to legitimate users. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. Versions of the application prior to 8.13 are reported affected by these vulnerabilities. TITLE: IMail Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA12453 VERIFY ADVISORY: http://secunia.com/advisories/12453/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: IMail Server 8.x http://secunia.com/product/3048/ DESCRIPTION: Various vulnerabilities have been reported in IMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). 2) An unspecified error within the Web Calendaring can potentially be exploited to cause a crash when a calender entry containing certain content is viewed. SOLUTION: Apply IMail Server 8.13 patch. http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://support.ipswitch.com/kb/IM-20040902-DM01.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2004-2422 // BID: 11106 // VULHUB: VHN-10850 // PACKETSTORM: 34264

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.3	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.2	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.1	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.8	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.7	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.6	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0.5	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	8.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	8.0.5	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	8.0.3	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.12	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.7	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.6	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.5	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.3	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.2	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.4	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.3	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.2	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.1	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.6	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.5	Trust: 1.3
vendor:	ipswitch	model:	imail	scope:	ne	version:	8.13	Trust: 0.3

sources: BID: 11106 // CNNVD: CNNVD-200412-1106 // NVD: CVE-2004-2422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2422
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-1106
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10850
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2422
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10850
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10850 // CNNVD: CNNVD-200412-1106 // NVD: CVE-2004-2422

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1106

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 11106 // CNNVD: CNNVD-200412-1106

EXTERNAL IDS

db:	BID	id:	11106	Trust: 2.0
db:	SECUNIA	id:	12453	Trust: 1.8
db:	NVD	id:	CVE-2004-2422	Trust: 1.7
db:	OSVDB	id:	9554	Trust: 1.7
db:	OSVDB	id:	9552	Trust: 1.7
db:	SECTRACK	id:	1011146	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-1106	Trust: 0.7
db:	XF	id:	17222	Trust: 0.6
db:	XF	id:	17219	Trust: 0.6
db:	VULHUB	id:	VHN-10850	Trust: 0.1
db:	PACKETSTORM	id:	34264	Trust: 0.1

sources: VULHUB: VHN-10850 // BID: 11106 // PACKETSTORM: 34264 // CNNVD: CNNVD-200412-1106 // NVD: CVE-2004-2422

REFERENCES

url:	http://www.securityfocus.com/bid/11106	Trust: 1.7
url:	http://support.ipswitch.com/kb/im-20040902-dm01.htm#fixes	Trust: 1.7
url:	http://www.osvdb.org/9552	Trust: 1.7
url:	http://www.osvdb.org/9554	Trust: 1.7
url:	http://securitytracker.com/id?1011146	Trust: 1.7
url:	http://secunia.com/advisories/12453	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17219	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17222	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17222	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/17219	Trust: 0.6
url:	http://support.ipswitch.com/kb/im-20040902-dm01.htm	Trust: 0.4
url:	http://www.ipswitch.com/support/imail/patch-upgrades.html	Trust: 0.3
url:	http://www.ipswitch.com/products/imail_server/index.html	Trust: 0.3
url:	http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/3048/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/12453/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-10850 // BID: 11106 // PACKETSTORM: 34264 // CNNVD: CNNVD-200412-1106 // NVD: CVE-2004-2422

CREDITS

Ipswitch

Trust: 0.6

sources: CNNVD: CNNVD-200412-1106

SOURCES

db:	VULHUB	id:	VHN-10850
db:	BID	id:	11106
db:	PACKETSTORM	id:	34264
db:	CNNVD	id:	CNNVD-200412-1106
db:	NVD	id:	CVE-2004-2422

LAST UPDATE DATE

2024-08-14T14:16:09.944000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10850	date:	2017-07-11T00:00:00
db:	BID	id:	11106	date:	2004-09-03T00:00:00
db:	CNNVD	id:	CNNVD-200412-1106	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-2422	date:	2017-07-11T01:31:52.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10850	date:	2004-12-31T00:00:00
db:	BID	id:	11106	date:	2004-09-03T00:00:00
db:	PACKETSTORM	id:	34264	date:	2004-09-09T06:47:23
db:	CNNVD	id:	CNNVD-200412-1106	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2422	date:	2004-12-31T05:00:00