Lucene search

[email protected]CVE-2005-4456

HistoryDec 21, 2005 - 11:03 a.m.

CVE-2005-4456

2005-12-2111:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4456

buffer overflow

mailenable professional

mailenable enterprise

denial of service

remote code execution

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402.

Affected configurations

NVD

Node

mailenablemailenable_enterpriseMatch1.1

mailenablemailenable_professionalMatch1.71

CPENameOperatorVersion
mailenable:mailenable_enterprisemailenable mailenable enterpriseeq1.1
mailenable:mailenable_professionalmailenable mailenable professionaleq1.71

CPE	Name	Operator	Version
mailenable:mailenable_enterprise	mailenable mailenable enterprise	eq	1.1
mailenable:mailenable_professional	mailenable mailenable professional	eq	1.71

References

seclists.org/lists/fulldisclosure/2005/Dec/1036.html

secunia.com/advisories/18134

www.securityfocus.com/bid/15985

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2005-4456

cvelist2 nvd2 nessus1 cve1