CVE-2005-0315

The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=110685011825461&w=2
http://secunia.com/advisories/14053
http://securitytracker.com/id?1013017
http://www.securityfocus.com/bid/12388	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19115
http://marc.info/?l=bugtraq&m=110685011825461&w=2
http://secunia.com/advisories/14053
http://securitytracker.com/id?1013017
http://www.securityfocus.com/bid/12388	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19115

Configurations

Configuration 1 (hide)

cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-01-27 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0315

Mitre link : CVE-2005-0315

CVE.ORG link : CVE-2005-0315

JSON object : View

Products Affected

amax_information_technologies

magic_winmail_server

CWE

NVD-CWE-Other

{"id": "CVE-2005-0315", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-01-27T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110685011825461&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14053", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013017", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12388", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19115", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110685011825461&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/14053", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1013017", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12388", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19115", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amax_information_technologies:magic_winmail_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "661FB8A8-F851-44B8-90C4-4636A2C0AED3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}