Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gain root remotely >> Ipswitch Collaboration Suite / IMail SMTPD Format String Vulnerability


Vulnerability Assessment Details

Ipswitch Collaboration Suite / IMail SMTPD Format String Vulnerability

Vulnerability Assessment Summary
Checks for format string vulnerability in Ipswitch Collaboration Suite / IMail SMTPD

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote SMTP server is affected by a format string vulnerability.

Description :

The remote host is running Ipswitch Collaboration Suite or IMail
Server, commercial messaging and collaboration suites for Windows.

The version of Ipswitch Collaboration Suite / IMail server installed
on the remote host contains an SMTP server that suffers from a format
string flaw. By supplying a specially formatted argument to the
'EXPN', 'MAIL', 'MAIL FROM', or 'RCPT TO' commands, a remote attacker
may be able to corrupt memory on the affected host, crash the service,
or even execute arbitrary code remotely.

See also :

http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities
http://www.ipswitch.com/support/ics/updates/ics202.asp
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

Solution :

Upgrade to Ipswitch Collaboration Suite 2.02 / IMail 8.22 or later.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:I)

Networks Security ID: 15752

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security

Cables, Connectors


Cisco Catalyst 1000 Series 24 port GE, 4x1G SFP Switch C1000-24T-4G-L picture

Cisco Catalyst 1000 Series 24 port GE, 4x1G SFP Switch C1000-24T-4G-L

$269.00



Cisco Nexus N9K-C9372TX 48P 10G Gigabit Ethernet 6x QSFP+ 40G Switch 2x650W PSU picture

Cisco Nexus N9K-C9372TX 48P 10G Gigabit Ethernet 6x QSFP+ 40G Switch 2x650W PSU

$189.99



Cisco Catalyst WS-C3750X-48P-S Poe+ & C3KX-NM-10G 10G Network Module picture

Cisco Catalyst WS-C3750X-48P-S Poe+ & C3KX-NM-10G 10G Network Module

$72.00



Cisco Nexus N9K-C92160YC-X 48P 25GbE SFP28 6P QSFP+/QSFP28 PE Switch picture

Cisco Nexus N9K-C92160YC-X 48P 25GbE SFP28 6P QSFP+/QSFP28 PE Switch

$475.00



🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥 picture

🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥

$8.00



Cisco 2960S PoE+ WS-C2960S-48LPS-L Gigabit Ethernet Network Switch w/ Ears picture

Cisco 2960S PoE+ WS-C2960S-48LPS-L Gigabit Ethernet Network Switch w/ Ears

$55.99



Cisco Catalyst 3850 48-Port GbE PoE+ Managed Network Switch WS-C3850-48F-S picture

Cisco Catalyst 3850 48-Port GbE PoE+ Managed Network Switch WS-C3850-48F-S

$54.99



C3KX-NM-10G Genuine Cisco 2 Port 10GB SFP+ Network Module 3560X 3750X Catalyst picture

C3KX-NM-10G Genuine Cisco 2 Port 10GB SFP+ Network Module 3560X 3750X Catalyst

$19.99



Cisco WS-C3850-48P-S  Catalyst 48 Port 1GB PoE+ RJ-45 Switch - Same Day Shipping picture

Cisco WS-C3850-48P-S Catalyst 48 Port 1GB PoE+ RJ-45 Switch - Same Day Shipping

$118.99



New | CISCO NEXUS N2K-C2348UPQ-10GE V02 48-PORTS 10Gb SFP DUAL N2200-PAC-400W picture

New | CISCO NEXUS N2K-C2348UPQ-10GE V02 48-PORTS 10Gb SFP DUAL N2200-PAC-400W

$129.99



Discussions

No Discussions have been posted on this vulnerability.