Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-2795 | First vendor Publication | 2009-01-27 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2795 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-09-14 | IPSwitch IMAP Server <= 9.20 Remote Buffer Overflow Exploit |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36222 | Ipswitch IMail IMAP SUBSCRIBE Command Overflow The IMail Server and Ipswitch Collaboration suite contain flaw in the 'SUBSCRIBE' command of the IMAP daemon running listening on port 143 that allows attackers to execute arbitrary code. Attackers once authenticated can pass a long string to the command thereby causing a exploitable stack-based overflow. |
| 36221 | Ipswitch IMail Imailsec.dll Authentication Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | login buffer overflow attempt RuleID : 1842-community - Revision : 34 - Type : PROTOCOL-IMAP |
| 2014-01-10 | login buffer overflow attempt RuleID : 1842 - Revision : 34 - Type : PROTOCOL-IMAP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-07-19 | Name : The remote mail server is affected by multiple vulnerabilities. File : ipswitch_imail_2006_21.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:12:24 |
|
| 2024-11-28 12:12:24 |
|
| 2021-05-05 01:03:37 |
|
| 2021-05-04 12:05:49 |
|
| 2021-04-22 01:06:22 |
|
| 2020-05-23 01:38:15 |
|
| 2020-05-23 00:19:49 |
|
| 2016-04-26 16:09:52 |
|
| 2014-02-17 10:40:14 |
|
| 2014-01-19 21:24:09 |
|
| 2013-05-11 10:26:20 |
|
