Ipswitch IMail Server < 2006.21 Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by multiple vulnerabilities.

Description :

The remote host is running Ipswitch IMail, a commercial messaging and
collaboration suite for Windows.

According to its banner, the version of Ipswitch IMail installed on
the remote host has several buffer overflows in its IMAP service
component, one of which can be exploited prior to authentication to
execute arbitrary code with SYSTEM privileges.

In addition, there is a denial of service issue that can cause
the IM Server to crash without authentication.

See also :

http://www.nessus.org/u?194eb0fd
http://www.securityfocus.com/archive/1/474040/30/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-07-042.html
http://www.zerodayinitiative.com/advisories/ZDI-07-043.html
http://seclists.org/bugtraq/2007/Jul/275
http://seclists.org/bugtraq/2007/Jul/277
http://www.ipswitch.com/support/imail/releases/im200621.asp

Solution :

Upgrade to Ipswitch IMail version 2006.21 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25737 (ipswitch_imail_2006_21.nasl)

Bugtraq ID: 24962

CVE ID: CVE-2007-2795, CVE-2007-3925, CVE-2007-3926, CVE-2007-3927
