CVE-2007-2795: Buffer Overflow
First published: Tue Jan 27 2009(Updated: )
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch IMail | =2006.1 | |
| Ipswitch IMail | <=2006.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-2795?
The severity of CVE-2007-2795 is considered high due to the potential for remote code execution.
How do I fix CVE-2007-2795?
To fix CVE-2007-2795, upgrade to a version of Ipswitch IMail released after 2006.21.
What types of attacks are possible due to CVE-2007-2795?
CVE-2007-2795 allows remote attackers to exploit buffer overflows for executing arbitrary code.
Which versions of Ipswitch IMail are affected by CVE-2007-2795?
CVE-2007-2795 affects Ipswitch IMail versions up to and including 2006.2.
What components of Ipswitch IMail are vulnerable due to CVE-2007-2795?
CVE-2007-2795 vulnerabilities lie in the IMailsec.dll authentication feature and the handling of long IMAP SUBSCRIBE commands.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ipswitch
- canonical/ipswitch imail
- version/ipswitch imail/2006.1
- version/ipswitch imail/2006.2