CVE-2006-0447
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
Múltiples desbordamientos de búfer en E-Post Mail Server 4.10 y SPA-PRO Mail @Solomon 4.00 permite a atacantes remotos ejecutar código de su elección mediante un nombre de usuario largo en las órdenes SMPT (1) AUTH PLAIN o (2) AUTH LOGIN, que no son manejadas adecuadamente por (a) EPSTRS.EXE o (b) SPA-RS.EXE; (3) un nombre de usuario largo en la orden POP3 APOP, que no es manejado adecuadamente por (c) EPSTOP4S, o (d) SPA-POP3S.EXE; (4) una orden IMAP DELETE larga, que no es manejada adecuadamente por (2) EPSTIMAP5S.EXE o (f) SPA-IMAP4S.EXE.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-01-26 CVE Reserved
- 2006-01-27 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/22761 | Vdb Entry | |
| http://www.osvdb.org/22762 | Vdb Entry | |
| http://www.osvdb.org/22763 | Vdb Entry | |
| http://www.securityfocus.com/bid/16379 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/0318 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24331 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24333 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24334 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/18480 | 2017-07-20 | |
| http://secunia.com/secunia_research/2006-1/advisory | 2017-07-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| E-post Corporation Search vendor "E-post Corporation" | Mail Server Search vendor "E-post Corporation" for product "Mail Server" | 4.10 Search vendor "E-post Corporation" for product "Mail Server" and version "4.10" | - |
Affected
| ||||||
| E-post Corporation Search vendor "E-post Corporation" | Mail Server Search vendor "E-post Corporation" for product "Mail Server" | enterprise_4.10 Search vendor "E-post Corporation" for product "Mail Server" and version "enterprise_4.10" | - |
Affected
| ||||||
| E-post Corporation Search vendor "E-post Corporation" | Smtp Server Search vendor "E-post Corporation" for product "Smtp Server" | 4.10 Search vendor "E-post Corporation" for product "Smtp Server" and version "4.10" | - |
Affected
| ||||||
| E-post Corporation Search vendor "E-post Corporation" | Smtp Server Search vendor "E-post Corporation" for product "Smtp Server" | enterprise_4.10 Search vendor "E-post Corporation" for product "Smtp Server" and version "enterprise_4.10" | - |
Affected
| ||||||
| E-post Corporation Search vendor "E-post Corporation" | Spa-pro Mail Atsolomon Search vendor "E-post Corporation" for product "Spa-pro Mail Atsolomon" | 4.00 Search vendor "E-post Corporation" for product "Spa-pro Mail Atsolomon" and version "4.00" | - |
Affected
| ||||||
| E-post Corporation Search vendor "E-post Corporation" | Spa-pro Mail Atsolomon Search vendor "E-post Corporation" for product "Spa-pro Mail Atsolomon" | enterprise_4.00 Search vendor "E-post Corporation" for product "Spa-pro Mail Atsolomon" and version "enterprise_4.00" | - |
Affected
| ||||||