CVE-2008-0945

Ipswitch IM Server < 2.0.8.1 - Authenticated Denial of Service via Format String in IP Address Field

Title source: llm
STIX 2.1

Description

Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.

References (6)

Core 6
Core References
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/ipsimene-adv.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487748/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27677
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3697
Various Sources x_refsource_misc
http://aluigi.org/poc/ipsimene.zip
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28824

Scores

EPSS 0.0688
EPSS Percentile 93.2%

Details

CWE
CWE-134
Status published
Products (2)
ipswitch/imserver < 2.0.8.1
ipswitch/instant_messaging < 2.0.8.1
Published Feb 25, 2008
Tracked Since Feb 18, 2026