VAR-200212-0158
Vulnerability from variot - Updated: 2025-04-03 22:19iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. A buffer overflow vulnerability has been reported for iSMTP Gateway. The vulnerability occurs due to inappropriate bounds checking when processing user-supplied input. An attacker can exploit this vulnerability by sending an overly long command to the vulnerable system. When the system receives this input it will crash. It may be possible that code execution may be possible, however, this has not been confirmed. iSMTP Gateway is a mail gateway software developed by Incognito System, running on the Banyan VINES operating system. Carefully crafted submission data may execute arbitrary commands with the privileges of the iSMTP process, although this has not been proven
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ismtp gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "incognito",
"version": "5.0.1"
},
{
"model": "software inc ismtp gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "incognito",
"version": "5.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "6151"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "K. K. Mookhey\u203b cto@nii.co.in",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1985",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6368",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1985",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-822",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6368",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6368"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long \"MAIL FROM\" command, possibly triggering a buffer overflow. A buffer overflow vulnerability has been reported for iSMTP Gateway. The vulnerability occurs due to inappropriate bounds checking when processing user-supplied input. \nAn attacker can exploit this vulnerability by sending an overly long command to the vulnerable system. When the system receives this input it will crash. \nIt may be possible that code execution may be possible, however, this has not been confirmed. iSMTP Gateway is a mail gateway software developed by Incognito System, running on the Banyan VINES operating system. Carefully crafted submission data may execute arbitrary commands with the privileges of the iSMTP process, although this has not been proven",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1985"
},
{
"db": "BID",
"id": "6151"
},
{
"db": "VULHUB",
"id": "VHN-6368"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6151",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1985",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "3817",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021111 BUFFER OVERFLOW IN ISMTP GATEWAY",
"trust": 0.6
},
{
"db": "XF",
"id": "10577",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6368",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6368"
},
{
"db": "BID",
"id": "6151"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"id": "VAR-200212-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6368"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:19:26.075000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6151"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/299232"
},
{
"trust": 1.7,
"url": "http://www.nii.co.in/vuln/ismtp.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10577.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3817"
},
{
"trust": 0.3,
"url": "http://www.incognito.com/"
},
{
"trust": 0.3,
"url": "/archive/1/299232"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6368"
},
{
"db": "BID",
"id": "6151"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6368"
},
{
"db": "BID",
"id": "6151"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6368"
},
{
"date": "2002-11-11T00:00:00",
"db": "BID",
"id": "6151"
},
{
"date": "2002-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6368"
},
{
"date": "2002-11-11T00:00:00",
"db": "BID",
"id": "6151"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-822"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incognito Systems ISMTP Gateway Remote buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "6151"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-822"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…