CVE-2008-7182

Sažetak

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

Reference

http://www.netwinsite.com/surgemail/help/updates.htm
http://www.securityfocus.com/archive/1/496482
http://www.securityfocus.com/bid/30000
https://www.exploit-db.com/exploits/5968

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:33

Objavljeno

08-09-2009 - 10:30