ID

VAR-200512-0832


CVE

CVE-2005-3526


TITLE

Ipswitch Collaboration Suite Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-06-003

DESCRIPTION

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability.This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability SECUNIA ADVISORY ID: SA19168 VERIFY ADVISORY: http://secunia.com/advisories/19168/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server. Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative. ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006 -- CVE ID: CVE-2005-3526 -- Affected Vendor: Ipswitch -- Affected Products: Ipswitch Collaboration Suite 2006.02 and below -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982. -- Vendor Response: >>From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp: "IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)." -- Disclosure Timeline: 2005.12.13 - Vulnerability reported to vendor 2005.12.13 - Digital Vaccine released to TippingPoint customers 2006.03.13 - Public release of advisory -- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.07

sources: NVD: CVE-2005-3526 // ZDI: ZDI-06-003 // BID: 17063 // VULHUB: VHN-14735 // PACKETSTORM: 44545 // PACKETSTORM: 44619

AFFECTED PRODUCTS

vendor:ipswitchmodel:collaboration suitescope:eqversion:2006.02_standard

Trust: 1.6

vendor:ipswitchmodel:collaboration suitescope:eqversion:2006.02_premium

Trust: 1.6

vendor:ipswitchmodel:imailscope: - version: -

Trust: 0.7

vendor:ipswitchmodel:collaboration suite standard editionscope:eqversion:2006

Trust: 0.3

vendor:ipswitchmodel:collaboration suite premium editionscope:eqversion:2006

Trust: 0.3

vendor:ipswitchmodel:imail serverscope:eqversion:2006

Trust: 0.3

vendor:ipswitchmodel:imail secure serverscope:eqversion:2006

Trust: 0.3

vendor:ipswitchmodel:collaboration suite standard editionscope:neversion:2006.03

Trust: 0.3

vendor:ipswitchmodel:collaboration suite premium editionscope:neversion:2006.03

Trust: 0.3

vendor:ipswitchmodel:imail serverscope:neversion:2006.03

Trust: 0.3

vendor:ipswitchmodel:imail secure serverscope:neversion:2006.03

Trust: 0.3

sources: ZDI: ZDI-06-003 // BID: 17063 // CNNVD: CNNVD-200512-666 // NVD: CVE-2005-3526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3526
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-666
value: MEDIUM

Trust: 0.6

VULHUB: VHN-14735
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-3526
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-14735
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-14735 // CNNVD: CNNVD-200512-666 // NVD: CVE-2005-3526

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-666

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200512-666

PATCH

title:Ipswitch has issued an update to correct this vulnerability.url:http://www.ipswitch.com/support/ics/updates/ics200603prem.asp

Trust: 0.7

sources: ZDI: ZDI-06-003

EXTERNAL IDS

db:NVDid:CVE-2005-3526

Trust: 2.7

db:ZDIid:ZDI-06-003

Trust: 2.5

db:BIDid:17063

Trust: 2.0

db:SECUNIAid:19168

Trust: 1.8

db:SREASONid:577

Trust: 1.7

db:SECTRACKid:1015759

Trust: 1.7

db:VUPENid:ADV-2006-0907

Trust: 1.7

db:OSVDBid:23796

Trust: 1.7

db:ZDI_CANid:ZDI-CAN-009

Trust: 0.7

db:CNNVDid:CNNVD-200512-666

Trust: 0.7

db:BUGTRAQid:20060313 ZDI-06-003: IPSWITCH COLLABORATION SUITE CODE EXECUTION VULNERABILITY

Trust: 0.6

db:NSFOCUSid:8565

Trust: 0.6

db:XFid:25133

Trust: 0.6

db:VULHUBid:VHN-14735

Trust: 0.1

db:PACKETSTORMid:44545

Trust: 0.1

db:PACKETSTORMid:44619

Trust: 0.1

sources: ZDI: ZDI-06-003 // VULHUB: VHN-14735 // BID: 17063 // PACKETSTORM: 44545 // PACKETSTORM: 44619 // CNNVD: CNNVD-200512-666 // NVD: CVE-2005-3526

REFERENCES

url:http://www.ipswitch.com/support/ics/updates/ics200603prem.asp

Trust: 2.5

url:http://www.zerodayinitiative.com/advisories/zdi-06-003.html

Trust: 1.8

url:http://www.securityfocus.com/bid/17063

Trust: 1.7

url:http://www.osvdb.org/23796

Trust: 1.7

url:http://securitytracker.com/id?1015759

Trust: 1.7

url:http://secunia.com/advisories/19168

Trust: 1.7

url:http://securityreason.com/securityalert/577

Trust: 1.7

url:http://www.securityfocus.com/archive/1/427536/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/0907

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25133

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/25133

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0907

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/427536/100/0/threaded

Trust: 0.6

url:http://www.nsfocus.net/vulndb/8565

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/8652/

Trust: 0.1

url:http://www.ipswitch.com/support/imail/releases/im200603.asp

Trust: 0.1

url:http://secunia.com/product/8653/

Trust: 0.1

url:http://www.ipswitch.com/support/ics/updates/ics200603stan.asp

Trust: 0.1

url:http://secunia.com/advisories/19168/

Trust: 0.1

url:http://www.ipswitch.com/support/imail/releases/imsec200603.asp

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/8651/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.ipswitch.com/support/ics/updates/ics200603prem.asp:

Trust: 0.1

sources: ZDI: ZDI-06-003 // VULHUB: VHN-14735 // PACKETSTORM: 44545 // PACKETSTORM: 44619 // CNNVD: CNNVD-200512-666 // NVD: CVE-2005-3526

CREDITS

Manuel Santamarina Suarez

Trust: 0.7

sources: ZDI: ZDI-06-003

SOURCES

db:ZDIid:ZDI-06-003
db:VULHUBid:VHN-14735
db:BIDid:17063
db:PACKETSTORMid:44545
db:PACKETSTORMid:44619
db:CNNVDid:CNNVD-200512-666
db:NVDid:CVE-2005-3526

LAST UPDATE DATE

2024-11-23T22:20:09.146000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-06-003date:2020-04-17T00:00:00
db:VULHUBid:VHN-14735date:2018-10-19T00:00:00
db:BIDid:17063date:2007-02-20T15:56:00
db:CNNVDid:CNNVD-200512-666date:2006-08-30T00:00:00
db:NVDid:CVE-2005-3526date:2024-11-21T00:02:06.580

SOURCES RELEASE DATE

db:ZDIid:ZDI-06-003date:2006-03-13T00:00:00
db:VULHUBid:VHN-14735date:2005-12-31T00:00:00
db:BIDid:17063date:2006-03-10T00:00:00
db:PACKETSTORMid:44545date:2006-03-11T02:24:56
db:PACKETSTORMid:44619date:2006-03-13T21:51:14
db:CNNVDid:CNNVD-200512-666date:2005-12-31T00:00:00
db:NVDid:CVE-2005-3526date:2005-12-31T05:00:00