OSVDB ID: 17844

Title: MailEnable IMAP STATUS Command Remote Overflow

Info

Disclosure
Jul 12, 2005

Discovery
Unknown

Dates

Exploit
Jul 12, 2005

Solution
Jun 30, 2005

Description

 A remote overflow exists in MailEnable Professional and Enterprise. The product fails to validate input to the IMAP STATUS command resulting in a stack-based buffer overflow. With a specially crafted request, an authenticated attacker can cause the service to fail, and may be able to execute arbitrary code with System privileges, resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to MailEnable Professional version 1.6, MailEnable Enterprise version 1.1 or higher, as it has been reported to fix this vulnerability. In addition, MailEnable has released a patch for some older versions.

Products

MailEnable Pty. Ltd.

MailEnable Professional

 1.5
1.51
1.52
1.53
1.54

MailEnable Enterprise

 1.0
1.01
1.02
1.03
1.04

References

Credit
  • Ariel Sanchez - advisoriescoresecurity.com - Core Security Technologies


Direct URL: http://osvdb.org/17844