Sign-up

ID

VAR-200412-0389


CVE

CVE-2004-2423


TITLE

Ipswitch IMail Server Multiple Buffer Overflow Service Rejection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-160

DESCRIPTION

Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content.". It is reported that IMail is susceptible to multiple buffer overflow denial of service vulnerabilities. It is conjectured that it may be possible for an attacker to execute arbitrary code in the context of the affected server application. Versions of the application prior to 8.13 are reported affected by these vulnerabilities. TITLE: IMail Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA12453 VERIFY ADVISORY: http://secunia.com/advisories/12453/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: IMail Server 8.x http://secunia.com/product/3048/ DESCRIPTION: Various vulnerabilities have been reported in IMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error within the Queue Manager can be exploited to cause a crash via an overly long sender field. 3) An unspecified error within the Web Messaging can potentially be exploited to cause a crash via an overly long "To:" line. SOLUTION: Apply IMail Server 8.13 patch. http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://support.ipswitch.com/kb/IM-20040902-DM01.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2004-2423 // BID: 11106 // VULHUB: VHN-10851 // PACKETSTORM: 34264

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:8.0.3

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.12

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.1

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.7

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.6

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.5

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.4

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.3

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.2

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:7.0.1

Trust: 1.9

vendor:ipswitchmodel:imailscope:eqversion:8.1

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:8.0.5

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.4

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.3

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.2

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.1

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.6

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.5

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.4

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.3

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.2

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0.1

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:6.0

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.8

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.7

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.6

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:5.0.5

Trust: 1.3

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.3

vendor:ipswitchmodel:imailscope:neversion:8.13

Trust: 0.3

sources: BID: 11106 // CNNVD: CNNVD-200412-160 // NVD: CVE-2004-2423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2423
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-160
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10851
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2423
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10851
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10851 // CNNVD: CNNVD-200412-160 // NVD: CVE-2004-2423

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2423

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-160

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 11106 // CNNVD: CNNVD-200412-160

EXTERNAL IDS

db:BIDid:11106

Trust: 2.0

db:SECUNIAid:12453

Trust: 1.8

db:OSVDBid:9553

Trust: 1.7

db:NVDid:CVE-2004-2423

Trust: 1.7

db:SECTRACKid:1011146

Trust: 1.7

db:CNNVDid:CNNVD-200412-160

Trust: 0.7

db:XFid:17220

Trust: 0.6

db:VULHUBid:VHN-10851

Trust: 0.1

db:PACKETSTORMid:34264

Trust: 0.1

sources: VULHUB: VHN-10851 // BID: 11106 // PACKETSTORM: 34264 // CNNVD: CNNVD-200412-160 // NVD: CVE-2004-2423

REFERENCES

url:http://www.securityfocus.com/bid/11106

Trust: 1.7

url:http://support.ipswitch.com/kb/im-20040902-dm01.htm#fixes

Trust: 1.7

url:http://www.osvdb.org/9553

Trust: 1.7

url:http://securitytracker.com/id?1011146

Trust: 1.7

url:http://secunia.com/advisories/12453

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17220

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/17220

Trust: 0.6

url:http://support.ipswitch.com/kb/im-20040902-dm01.htm

Trust: 0.4

url:http://www.ipswitch.com/support/imail/patch-upgrades.html

Trust: 0.3

url:http://www.ipswitch.com/products/imail_server/index.html

Trust: 0.3

url:http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3048/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/12453/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-10851 // BID: 11106 // PACKETSTORM: 34264 // CNNVD: CNNVD-200412-160 // NVD: CVE-2004-2423

CREDITS

Ipswitch

Trust: 0.6

sources: CNNVD: CNNVD-200412-160

SOURCES

db:VULHUBid:VHN-10851
db:BIDid:11106
db:PACKETSTORMid:34264
db:CNNVDid:CNNVD-200412-160
db:NVDid:CVE-2004-2423

LAST UPDATE DATE

2024-08-14T14:16:09.976000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-10851date:2017-07-11T00:00:00
db:BIDid:11106date:2004-09-03T00:00:00
db:CNNVDid:CNNVD-200412-160date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2423date:2017-07-11T01:31:52.967

SOURCES RELEASE DATE

db:VULHUBid:VHN-10851date:2004-12-31T00:00:00
db:BIDid:11106date:2004-09-03T00:00:00
db:PACKETSTORMid:34264date:2004-09-09T06:47:23
db:CNNVDid:CNNVD-200412-160date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2423date:2004-12-31T05:00:00