JVNDB-2018-000102

Multiple vulnerabilities in Denbun

Overview

Denbun, provided by NEOJAPAN Inc., is a webmail system. It contains the multiple vulnerabilities listed below.

* Hard-coded credentials for user account (CWE-798) - CVE-2018-0680
* Hard-coded credentials for the configuration management page (CWE-798) - CVE-2018-0681
* Improper session management (CWE-639) - CVE-2018-0682
* Stack-based buffer overflow due to a flaw in processing Cookie data (CWE-121) - CVE-2018-0683
* Stack-based buffer overflow due to a flaw in processing multipart/form-data format data (CWE-121) - CVE-2018-0684
* SQL injection due to a flaw in processing HTTP requests for mail search (CWE-89) - CVE-2018-0685
* Arbitrary executable files can be uploaded (CWE-434) - CVE-2018-0686
* Cross-site scripting in HTML mail view (CWE-79) - CVE-2018-0687

CVSS Severity

CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0680


CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0681


CVSS V3 Severity:
Base Metrics: 4.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0682


CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0683


CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0684


CVSS V3 Severity:
Base Metrics: 6.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics: 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0685


CVSS V3 Severity:
Base Metrics: 8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-0686


CVSS V3 Severity:
Base Metrics: 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-0687

Affected Products

NEOJAPAN,Inc.
  • Denbun IMAP version V3.3I R4.0 and earlier (CVE-2018-0680, CVE-2018-0681, CVE-2018-0682, CVE-2018-0683, CVE-2018-0686, CVE-2018-0687)
  • Denbun IMAP version V3.3I R3.0 and earlier (CVE-2018-0684)
  • Denbun POP version V3.3P R4.0 and earlier (CVE-2018-0680, CVE-2018-0681, CVE-2018-0682, CVE-2018-0683, CVE-2018-0685, CVE-2018-0686, CVE-2018-0687)
  • Denbun POP version V3.3P R3.0 and earlier (CVE-2018-0684)

Impact

* A remote attacker may read and/or send mail, or change the configuration. - CVE-2018-0680, CVE-2018-0682
* A remote attacker may log in to the Management page and modify the mail server configuration. - CVE-2018-0681
* A remote attacker may be able to execute arbitrary code or cause a denial-of-service (DoS) condition. - CVE-2018-0683, CVE-2018-0684
* A logged-in user may execute arbitrary SQL statements. - CVE-2018-0685
* A logged-in user may upload and execute any executable file. - CVE-2018-0686
* An arbitrary script may be executed in a logged-in user's web browser. - CVE-2018-0687

Solution

[Update the Software] - CVE-2018-0680, CVE-2018-0681, CVE-2018-0682, CVE-2018-0683, CVE-2018-0684, CVE-2018-0685, CVE-2018-0687
Update to the latest version according to the information provided by the developer.

[Apply Workaround] - CVE-2018-0686
Configure the web server to restrict execution of uploaded files.

For more information, refer to the information provided by the developer.

Vendor Information

NEOJAPAN,Inc.

CWE

  1. Buffer Errors(CWE-119) [IPA Evaluation]
  2. Credentials Management(CWE-255) [IPA Evaluation]
  3. Permissions(CWE-264) [IPA Evaluation]
  4. Cross-site Scripting(CWE-79) [IPA Evaluation]
  5. SQL Injection(CWE-89) [IPA Evaluation]
  6. No Mapping(CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2018-0680
  2. CVE-2018-0681
  3. CVE-2018-0682
  4. CVE-2018-0683
  5. CVE-2018-0684
  6. CVE-2018-0685
  7. CVE-2018-0686
  8. CVE-2018-0687

References

  1. JVN : JVN#00344155
  2. National Vulnerability Database (NVD) : CVE-2018-0680
  3. National Vulnerability Database (NVD) : CVE-2018-0681
  4. National Vulnerability Database (NVD) : CVE-2018-0682
  5. National Vulnerability Database (NVD) : CVE-2018-0683
  6. National Vulnerability Database (NVD) : CVE-2018-0684
  7. National Vulnerability Database (NVD) : CVE-2018-0685
  8. National Vulnerability Database (NVD) : CVE-2018-0686
  9. National Vulnerability Database (NVD) : CVE-2018-0687

Revision History

  • [2018/10/04]
      Web page was published
  • [2019/07/11]
      References : Contents were added