Detections
Analytics
Ipswitch IMail Server IMAP LIST Command Remote Overflow DoS
high Nessus Plugin ID 20320
Language:
Synopsis
The remote IMAP server is affected by a denial of service vulnerability.Description
The remote host is running Ipswitch Collaboration Suite or IMail Server, commercial messaging and collaboration suites for Windows.The version of Ipswitch Collaboration Suite / IMail server installed on the remote host contains an IMAP server that suffers from a denial of service flaw. Using a specially crafted LIST command of around 8000 bytes, an authenticated attacker can crash the IMAP server on the affected host, thereby denying service to legitimate users.
Solution
Upgrade to Ipswitch Collaboration Suite 2.02 / IMail 8.22 or later.See Also
http://www.nessus.org/u?60ba29e7
https://community.ipswitch.com/s/
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
Plugin Details
Severity: High
ID: 20320
File Name: ipswitch_imail_imapd_list_overflow.nasl
Version: 1.20
Type: remote
Agent: windows
Family: Windows
Published: 12/19/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: cpe:/a:ipswitch:imail
Excluded KB Items: imap/false_imap, imap/overflow
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 12/6/2005
Reference Information
CVE: CVE-2005-2923
BID: 15753
CWE: 20