Ipswitch IMail Server < 2006.2 Multiple Overflows

medium Nessus Network Monitor Plugin ID 3938

Synopsis

The remote mail server is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is running Ipswitch Collaboration Suite / IMail, commercial messaging and collaboration suites for Windows. According to its banner, the version of Ipswitch Collaboration Suite / IMail installed on the remote host has several unspecified buffer overflows in various service components as well as one in an ActiveX control. An attacker may be able to leverage these issues to crash the affected service or execute arbitrary code remotely by default with LOCAL SYSTEM privileges.

Solution

Upgrade to version 2006.2 or higher.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487

http://archives.neohapsis.com/archives/bugtraq/2007-03/0021.html

http://support.ipswitch.com/kb/IM-20070305-JH01.htm

http://www.ipswitch.com/support/ics/updates/ics20062.asp

Plugin Details

Severity: Medium

ID: 3938

Family: POP Server

Published: 3/7/2007

Updated: 3/6/2019

Nessus ID: 24782

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ipswitch:imail

Reference Information

CVE: CVE-2007-1637

BID: 22852