OSVDB ID: 21109

Title: MailEnable IMAP Service (meimaps.exe) Crafted RENAME Command Remote DoS

Info

Disclosure

Nov 24, 2005

Discovery

Unknown

Dates

Exploit

Nov 24, 2005

Solution

Unknown

Description

MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when an authenticated user sends an IMAP rename message with non-existent mailbox names to the IMAP server, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a hotfix to address this vulnerability.

Products

MailEnable Pty. Ltd.	MailEnable Enterprise Edition	1.1
MailEnable Pty. Ltd.	MailEnable Professional Edition	1.7

References

Security Tracker: 1015268
Bugtraq ID: 15556
Secunia Advisory ID: 17740
CVE ID: 2005-3813 (see also: NVD)
Related OSVDB ID: 21109
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0833.html
Vendor URL: http://www.mailenable.com
Vendor Specific Solution URL: http://www.mailenable.com/hotfix/MEIMAPS.ZIP

Credit

Josh Zlatin-Amishav - jzlatinramat.cc -

Direct URL: http://osvdb.org/21109

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

MailEnable Pty. Ltd.

MailEnable Enterprise Edition

MailEnable Professional Edition

References

Credit