Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3606

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-3606
Last Modified 29 Jan 2009 01:53:57
Published 12 Aug 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3606

Summary

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Qbik Wingate 2.0

  • Qbik Wingate 2.1

  • Qbik Wingate 3.0

  • Qbik Wingate 3.0.5

  • Qbik Wingate 4.0.1

  • Qbik Wingate 4.1

  • Qbik Wingate 4.1.0

  • Qbik Wingate 4.1.1

  • Qbik Wingate 4.2.0

  • Qbik Wingate 4.3.0

  • Qbik Wingate 4.4.0

  • Qbik Wingate 4.4.1

  • Qbik Wingate 4.4.2

  • Qbik Wingate 4.5.0

  • Qbik Wingate 4.5.1

  • Qbik Wingate 4.5.2

  • Qbik Wingate 5.0

  • Qbik Wingate 5.0.0

  • Qbik Wingate 5.0.1

  • Qbik Wingate 5.0.1.766

  • Qbik Wingate 5.0.5

  • Qbik Wingate 5.1

  • Qbik Wingate 5.2

  • Qbik Wingate 5.2.2

  • Qbik Wingate 5.2.3

  • Qbik Wingate 6.0

  • Qbik Wingate 6.0.0.984

  • Qbik Wingate 6.0.1.993

  • Qbik Wingate 6.0.1.995

  • Qbik Wingate 6.0.2.1000

  • Qbik Wingate 6.0.2.1001

  • Qbik Wingate 6.0.3.1005

  • Qbik Wingate 6.0.4.1025

  • Qbik Wingate 6.1.1.1077

  • Qbik Wingate 6.1.2.1094

  • Qbik Wingate 6.1.3.1096

  • Qbik Wingate 6.1.4

  • Qbik Wingate 6.2.1

  • Qbik Wingate 6.2.2

  • Qbik Wingate 6.2.2.1137


References

XF - wingate-imapserver-bo(44370)

SECTRACK - 1020644

BID - 30606

BUGTRAQ - 20080808 [AJECT] WinGate Email Server (IMAP) vulnerability

SREASON - 4146

SECUNIA - 31442


Last Updated: 27 May 2016 10:48:14