Sign-up

ID

VAR-200412-1061


CVE

CVE-2004-1520


TITLE

IPSwitch IMail 8.13 Remotely DELETE Command buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-722

DESCRIPTION

Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well. Ipswitch IMail Server is a powerful email solution. Ipswitch IMail Server handles the DELETE command incorrectly

Trust: 1.26

sources: NVD: CVE-2004-1520 // BID: 11675 // VULHUB: VHN-9950

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:8.13

Trust: 1.9

vendor:ipswitchmodel:imailscope:neversion:8.14

Trust: 0.3

sources: BID: 11675 // CNNVD: CNNVD-200412-722 // NVD: CVE-2004-1520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1520
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-722
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9950
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-1520
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9950
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9950 // CNNVD: CNNVD-200412-722 // NVD: CVE-2004-1520

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1520

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200412-722

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 11675 // CNNVD: CNNVD-200412-722

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-9950

EXTERNAL IDS
db:BIDid:11675
Trust: 2.0
db:NVDid:CVE-2004-1520
Trust: 1.7
db:SECUNIAid:13200
Trust: 1.7
db:CNNVDid:CNNVD-200412-722
Trust: 0.7
db:XFid:18058
Trust: 0.6
db:NSFOCUSid:7108
Trust: 0.6
db:BUGTRAQid:20041112 IPSWITCH-IMAIL-8.13 STACK OVERFLOW IN THE DELETE COMMAND
Trust: 0.6
db:SEEBUGid:SSVID-70993
Trust: 0.1
db:SEEBUGid:SSVID-70991
Trust: 0.1
db:EXPLOIT-DBid:16479
Trust: 0.1
db:EXPLOIT-DBid:627
Trust: 0.1
db:EXPLOIT-DBid:1151
Trust: 0.1
db:PACKETSTORMid:83023
Trust: 0.1
db:PACKETSTORMid:82989
Trust: 0.1
db:VULHUBid:VHN-9950
Trust: 0.1
sources:
            
            
            VULHUB: VHN-9950 // 
            
            
            
            BID: 11675 // 
            
            
            
            CNNVD: CNNVD-200412-722 // 
            
            
            
            NVD: CVE-2004-1520

REFERENCES
url:http://www.securityfocus.com/bid/11675
Trust: 1.7
url:http://secunia.com/advisories/13200
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/18058
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=110037283803560&w=2
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/18058
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=110037283803560&w=2
Trust: 0.6
url:http://www.nsfocus.net/vulndb/7108
Trust: 0.6
url:http://www.ipswitch.com/products/imail_server/index.asp
Trust: 0.3
url:http://www.ipswitch.com/support/imail/releases/imail_professional/im814.html
Trust: 0.3
url:/archive/1/381027
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=110037283803560&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-9950 // 
            
            
            
            BID: 11675 // 
            
            
            
            CNNVD: CNNVD-200412-722 // 
            
            
            
            NVD: CVE-2004-1520

CREDITS
Jeromeā€» jerome@athias.fr
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200412-722

SOURCES
db:VULHUBid:VHN-9950
db:BIDid:11675
db:CNNVDid:CNNVD-200412-722
db:NVDid:CVE-2004-1520

LAST UPDATE DATE
2024-08-14T14:08:56.392000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-9950date:2017-07-11T00:00:00
db:BIDid:11675date:2004-11-13T00:00:00
db:CNNVDid:CNNVD-200412-722date:2005-10-20T00:00:00
db:NVDid:CVE-2004-1520date:2017-07-11T01:31:06.277

SOURCES RELEASE DATE
db:VULHUBid:VHN-9950date:2004-12-31T00:00:00
db:BIDid:11675date:2004-11-13T00:00:00
db:CNNVDid:CNNVD-200412-722date:2004-11-13T00:00:00
db:NVDid:CVE-2004-1520date:2004-12-31T05:00:00