CVE-2005-3640

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.lucaercoli.it/advs/FTGate4.txt	Exploit Vendor Advisory
http://www.securityfocus.com/bid/15449	Exploit
http://archives.neohapsis.com/archives/bugtraq/2005-11/0213.html
http://www.osvdb.org/20917
http://secunia.com/advisories/17609	Vendor Advisory
http://www.vupen.com/english/advisories/2005/2478	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23101

Configurations

Configuration 1 (hide)

cpe:2.3:a:floosietek:ftgate:4_4.1:*:*:*:*:*:*:*

Information

Published : 2005-11-16 13:22

Updated : 2017-07-10 18:33

NVD link : CVE-2005-3640

Mitre link : CVE-2005-3640

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

floosietek

ftgate

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.lucaercoli.it/advs/FTGate4.txt", "name": "http://www.lucaercoli.it/advs/FTGate4.txt", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/15449", "name": "15449", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0213.html", "name": "20051116 Buffer Overrun in FTGate4 Groupware Mail server", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.osvdb.org/20917", "name": "20917", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/17609", "name": "17609", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2005/2478", "name": "ADV-2005-2478", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23101", "name": "ftgate4-groupware-imap-bo(23101)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3640", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-11-16T21:22Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:floosietek:ftgate:4_4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:33Z"}

10.0 /10