Ipswitch IMail Server < 2006.2 Multiple Overflows

Medium Nessus Network Monitor Plugin ID 3936

Synopsis

The remote mail server is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is running Ipswitch Collaboration Suite / IMail, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail installed on the remote host has several unspecified buffer overflows in various service components as well as one in an ActiveX control. An attacker may be able to leverage these issues to crash the affected service or execute arbitrary code remotely by default with LOCAL SYSTEM privileges.

Solution

Upgrade to version 2006.2 or higher.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487

http://archives.neohapsis.com/archives/bugtraq/2007-03/0021.html

http://support.ipswitch.com/kb/IM-20070305-JH01.htm

http://www.ipswitch.com/support/ics/updates/ics20062.asp

Plugin Details

Severity: Medium

ID: 3936

Family: SMTP Servers

Published: 2007/03/07

Modified: 2016/11/23

Dependencies: 2004, 2005

Nessus ID: 24782

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5

Temporal Score: 4.4

Vector: CVSS3#AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ipswitch:imail

Reference Information

BID: 22852