IA eMailServer IMAP SEARCH Command Remote Overflow

medium Nessus Plugin ID 20960

Synopsis

The remote IMAP server is susceptible to buffer overflow attacks.

Description

The remote host is running IA eMailServer, a commercial messaging system for Windows.

The IMAP server bundled with the version of IA eMailServer installed on the remote host crashes when it receives a SEARCH command argument of 560 or more characters. An authenticated attacker could exploit this issue to crash the service and possibly to execute arbitrary code remotely.

Note that IA eMailServer can be configured to run as a service with LOCAL SYSTEM privileges, although this is not the default.
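For hosts that cannot be patched, the length condition described above can be checked on logged or proxied IMAP client commands. The following is an added example, not the plugin's NASL code; the function names are hypothetical, the sample lines are constructed, and it assumes the 560-character limit applies to a single SEARCH argument (quoted strings counted without their quotes, literals counted by their announced size).

```python
import re

LIMIT = 560  # crash threshold stated in the plugin description

# tag, optional "UID", then SEARCH and its arguments (RFC 3501 command layout)
CMD_RE = re.compile(r'^(\S+)\s+(?:UID\s+)?SEARCH\s+(.*)$', re.IGNORECASE | re.DOTALL)
# one argument: a quoted string (may contain spaces) or a run of non-space bytes
ARG_RE = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
# literal announcement such as {600} or {600+}; the data follows on the next line
LITERAL_RE = re.compile(r'^\{(\d+)\+?\}$')


def longest_search_arg(line):
    """Return (tag, longest argument length) for a SEARCH command, else None."""
    m = CMD_RE.match(line.rstrip('\r\n'))
    if not m:
        return None
    longest = 0
    for arg in ARG_RE.findall(m.group(2)):
        lit = LITERAL_RE.match(arg)
        if lit:
            size = int(lit.group(1))      # announced byte count of the literal
        elif len(arg) >= 2 and arg.startswith('"') and arg.endswith('"'):
            size = len(arg) - 2           # quoted string without its quotes
        else:
            size = len(arg)
        longest = max(longest, size)
    return m.group(1), longest


def flag_oversized(lines, limit=LIMIT):
    """Return the tags of SEARCH commands with an argument of `limit` or more characters."""
    hits = []
    for line in lines:
        parsed = longest_search_arg(line)
        if parsed and parsed[1] >= limit:
            hits.append(parsed[0])
    return hits


# Constructed sample client commands (not captured traffic)
SAMPLE = [
    'a001 SELECT INBOX',
    'a002 SEARCH SUBJECT "quarterly report"',
    'a003 SEARCH SUBJECT ' + 'x' * 559,
    'a004 search BODY "' + 'y' * 560 + '"',
    'a005 UID SEARCH TEXT {600}',
]

if __name__ == '__main__':
    print(flag_oversized(SAMPLE))
```

Because the issue requires authentication, flagged tags can be correlated with the account that logged in on the same connection.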

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/425586/30/0/threaded

Plugin Details

Severity: Medium

ID: 20960

File Name: ia_emailserver_search_overflow.nasl

Version: 1.16

Type: remote

Agent: windows

Family: Windows

Published: 2/22/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap, imap/overflow

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/20/2006

Reference Information

CVE: CVE-2006-0853

BID: 16744