MailEnable Buffer Overflow in IMAP Service May Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1017276
|
SecurityTracker URL: http://securitytracker.com/id?1017276
|
CVE Reference: CVE-2006-6290, CVE-2006-6291
|
Updated: May 27 2008
|
Original Entry Date: Nov 23 2006
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.x, 2.x
|
Description: A vulnerability was reported in MailEnable. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger a buffer overflow in the IMAP service and cause the IMAP service to crash.
It may also be possible to execute arbitrary code on the target system. The code will run with the privileges of the target service.
The vendor did not confirm arbitrary code execution.
The following versions are affected:
1.9-1.82 Professional Edition
1.1-1.30 Enterprise Edition
2.0-2.32 Professional Edition
2.0-2.32 Enterprise Edition
|
Impact: A remote user can cause the IMAP service to crash.
A remote user may also be able to execute arbitrary code on the target system.
|
Solution: The vendor has issued a hotfix (ME-10018), available at:
http://www.mailenable.com/hotfix/ME-10018.ZIP
|
Vendor URL: www.mailenable.com/
|
Cause: Boundary error
|
Underlying OS: Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 23 Nov 2006 14:37:42 -0500
Subject: MailEnable vulnerability
|
> ME-10017: Thursday, November 23, 2006
> IMAP Critical Hotfix/Update
> Denial of Service and Potential Buffer Overflow Vulnerability within IMAP module