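##############################################################################
#
# Ipswitch IMail Server/Collaboration Suite Buffer Overflow Vulnerabilities
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2007/03/16
#
# $Revision: 1.1 $
#
# $Log: os2a_ipswitch_mult_bof_vuln_604194.nasl,v $
# Revision 1.1 2007/03/16 13:41:53 schandan
# To Production. Issue #3810
#
# Revision 1.1 2007/03/16 11:14:23 karun
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# Plugin registration: this branch only declares metadata (ids, category,
# report text, scheduling requirements) and exits without touching the target.
if(description)
{
  script_id(604194);
  script_bugtraq_id(22852);
  script_copyright(english:"Copyright (C) 2007 OS2A");
  script_version("$Revision: 1.1 $");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Ipswitch IMail Server/Collaboration Suite Buffer Overflow Vulnerabilities");
  script_summary(english:"Check for the vulnerable version of Ipswitch Products");
  desc["english"] = "
 Overview : This host has Ipswitch products installed, which are prone to
 buffer overflow vulnerability.

 The vulnerabilities are caused due to boundary errors within the
 IMAILAPI.DLL ActiveX control when processing WebConnect and Connect
 members of IMAILAPILib.IMailServer, Sync3 and Init3 of the
 IMAILAPILib.IMailLDAPService, and SetReplyTo of
 IMAILAPILib.IMailUserCollection.

 Impact : Successful exploitation allows execution of arbitrary code and
 denial of service (application/system crash).

 Scope of impact is limited to system level.

 Affected Software :
 Ipswitch Collaboration 2006 Suite Standard Edition and prior
 Ipswitch IMail 2006 and prior
 Ipswitch IMail Plus 2006 and prior.

 Affected Platform : Windows (Any).

 Solution : Upgrade all the above mentioned products to version 2006.2,
 http://www.ipswitch.com/downloads/index.asp

 References :
 http://www.frsirt.com/english/advisories/2007/0853
 http://support.ipswitch.com/kb/IM-20070305-JH01.htm

 CVSS Score :
 CVSS Base Score : 5.6 (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
 CVSS Temporal Score : 4.1
 Risk factor : Medium";

  script_description(english:desc["english"]);
  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/WindowsVersion");
  # Only schedule the check when one of the probed mail ports is open.
  # NOTE(review): no service-detection plugin is listed in script_dependencies;
  # confirm that Services/smtp and Services/imap are populated before this
  # plugin runs, otherwise only the default ports 25 and 143 are probed.
  script_require_ports("Services/smtp", 25, "Services/imap", 143);
  exit(0);
}

# Both helper libraries are included at top level so they are available
# regardless of which branch below is taken.
include("smtp_func.inc");
include("imap_func.inc");

# The check only applies to hosts the SMB plugins identified as Windows.
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

# Detection caveat: the flaw is in the IMAILAPI.DLL ActiveX control on the
# host, but this plugin infers it from the version shown in the mail service
# banner. A suppressed or customised banner yields a false negative, and an
# unchanged banner on a fixed install yields a false positive; treat a hit as
# a prompt to verify the installed version on the host.
#
# One shared pattern keeps the SMTP and IMAP checks in agreement. It matches
# "IMail " followed by major version 0-8 (any minor), or 9.0 through 9.19,
# and then a non-digit.
# NOTE(review): presumably the fixed release 2006.2 reports itself as 9.20;
# confirm against the vendor advisory. A banner written as "9.2" (single
# digit minor) would be reported as vulnerable by this pattern.
vulnPattern = "IMail ([0-8]\..*|9\.[01]?[0-9])[^0-9]";

# Check for IMail by accessing the smtp service banner
port = get_kb_item("Services/smtp");
if(!port){
  port = 25;
}

if(get_port_state(port))
{
  smtpBanner = get_smtp_banner(port:port);
  # Skip cleanly when no banner could be read.
  if(smtpBanner && "IMail" >< smtpBanner)
  {
    if(egrep(pattern:vulnPattern, string:smtpBanner)){
      security_warning(port);
    }
    # IMail was identified over SMTP; stop here so the same host is not
    # evaluated a second time through IMAP.
    exit(0);
  }
}

# Check for IMail by accessing the imap service banner
port = get_kb_item("Services/imap");
if(!port){
  port = 143;
}

if(get_port_state(port))
{
  imapBanner = get_imap_banner(port:port);
  # Skip cleanly when no banner could be read.
  if(imapBanner && "IMail" >< imapBanner)
  {
    if(egrep(pattern:vulnPattern, string:imapBanner)){
      security_warning(port);
    }
  }
}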