MailEnable IMAP Server Multiple Remote Buffer Overflows
2004-11-30T00:00:00
ID MAILENABLE_IMAP_OVERFLOWS.NASL Type nessus Reporter Tenable Modified 2011-04-20T00:00:00
Description
The target is running at least one instance of MailEnable's IMAP service. Two flaws exist in MailEnable Professional Edition 1.52 and earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a stack-based buffer overflow and an object pointer overwrite. A remote attacker can use either vulnerability to execute arbitrary code on the target.
#
# This script was written by George A. Theall, <theall@tifaware.com>.
#
# See the Nessus Scripts License for details.
#
# Changes by Tenable:
# - Revised plugin title (10/22/09)
include("compat.inc");
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(15852);
  script_version("$Revision: 1.16 $");
  script_cvs_date("$Date: 2011/04/20 01:55:04 $");

  # Cross-references to the advisory databases that track this issue.
  script_cve_id("CVE-2004-2501");
  script_bugtraq_id(11755);
  script_osvdb_id(12135, 12136);

  script_name(english:"MailEnable IMAP Server Multiple Remote Buffer Overflows");
  script_summary(english:"Checks for Remote Buffer Overflows in MailEnable's IMAP Service");

  # Report text.
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote mail server is affected by several buffer overflow issues."
  );
  # The line breaks inside this value are part of the string, so its
  # continuation lines have to stay at column 0.
  script_set_attribute(
    attribute:"description",
    value:"The target is running at least one instance of MailEnable's IMAP
service. Two flaws exist in MailEnable Professional Edition 1.52 and
earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a
stack-based buffer overflow and an object pointer overwrite. A remote
attacker can use either vulnerability to execute arbitrary code on the
target."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.hat-squad.com/en/000102.html");
  script_set_attribute(attribute:"see_also", value:"http://www.mailenable.com/hotfix/default.asp");
  script_set_attribute(
    attribute:"solution",
    value:"Apply the IMAP hotfix dated 25 November 2004."
  );

  # Risk scoring: network-reachable, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # NOTE(review): RL:U rates remediation as unavailable, yet the solution
  # above names a vendor hotfix. RL:TF or RL:OF looks closer; confirm
  # before changing, because it alters the temporal score.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/25");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mailenable:mailenable");
  script_end_attributes();

  # ACT_DENIAL: the test below sends an oversized command and reports the
  # host only if the IMAP service stops accepting connections, so a positive
  # result means the service has gone down. Scanners normally skip this
  # category when safe checks are enabled (confirm for the scanner in use).
  script_category(ACT_DENIAL);
  script_copyright(english:"This script is Copyright (C) 2004-2011 George A. Theall");
  script_family(english:"Windows");

  # Scheduling: the listed plugins run first, the check applies to the
  # detected IMAP port or 143, and it is skipped when the
  # "imap/false_imap" key is set.
  script_dependencie("find_service1.nasl", "global_settings.nasl");
  script_require_ports("Services/imap", 143);
  script_exclude_keys("imap/false_imap");

  # Description mode only registers metadata; stop before the test logic.
  exit(0);
}
include("global_settings.inc");
# MailEnable does not really identify itself in its IMAP greeting, so the
# only pre-check possible is that the greeting has the expected generic
# wording. The match is therefore not specific to MailEnable: any server
# that greets this way goes on to receive the long-command probe.

# Use the IMAP port recorded in the knowledge base, or 143 if none is recorded.
port = get_kb_item("Services/imap");
if (!port)
{
  port = 143;
}

# A closed port leaves nothing to test.
if (!get_port_state(port))
{
  exit(0);
}

# Compare the greeting stored in the knowledge base with the expected text.
# NOTE(review): if no greeting was stored for this port, the match presumably
# fails as well and the host is skipped without being probed; confirm.
greeting = get_kb_item("imap/banner/" + port);
if ("IMAP4rev1 server ready at" >!< greeting)
{
  exit(0);
}
# Open a session to the IMAP port; without one there is nothing to test.
sock = open_sock_tcp(port);
if (!sock)
{
  exit(0);
}

# Consume the server greeting. If nothing comes back, give up quietly.
line = recv_line(socket:sock, length:1024);
if (!strlen(line))
{
  close(sock);
  exit(0);
}
line = chomp(line);

# Intrusive step: send one tagged command carrying 8202 bytes of filler
# and watch whether the service keeps answering.
#
# Only the stack-based overflow is exercised. The object pointer overwrite
# is reported for the same versions, so it is assumed to be present
# whenever this probe succeeds; it is never tested on its own.
send(socket:sock, data:string("a1 ", crap(8202), "\r\n"));

# Read until the server gives a tagged completion for "a1" or stops sending.
# status stays empty when no such completion arrives.
status = '';
line = recv_line(socket:sock, length:1024);
while (line)
{
  tagged = eregmatch(pattern:"^a1 (OK|BAD|NO)", string:chomp(line), icase:TRUE);
  if (!isnull(tagged))
  {
    status = tagged[1];
    break;
  }
  line = recv_line(socket:sock, length:1024);
}

# Silence alone is not treated as proof. The finding is raised only if a
# new connection to the port cannot be opened either.
# Consequences for reading results:
#  - a service that stays silent but still accepts the reconnect is not
#    reported, so a target that recovers quickly can be missed;
#  - any other cause of a failed reconnect is reported as vulnerable, so
#    confirm a hit by checking the service state and installed hotfix.
if (!status)
{
  close(sock);
  sock = open_sock_tcp(port);
  if (!sock)
  {
    security_hole(port);
    exit(0);
  }
}

# The service is still reachable: end the session politely on whichever
# socket is current (the original one, or the reconnect made above).
send(socket:sock, data:string("a2", " LOGOUT", "\r\n"));
line = recv_line(socket:sock, length:1024);
while (line)
{
  tagged = eregmatch(pattern:"^a2 (OK|BAD|NO)", string:chomp(line), icase:TRUE);
  if (!isnull(tagged))
  {
    # Recorded for symmetry with the probe; nothing reads it afterwards.
    status = tagged[1];
    break;
  }
  line = recv_line(socket:sock, length:1024);
}
close(sock);
{"id": "MAILENABLE_IMAP_OVERFLOWS.NASL", "bulletinFamily": "scanner", "title": "MailEnable IMAP Server Multiple Remote Buffer Overflows", "description": "The target is running at least one instance of MailEnable's IMAP service. Two flaws exist in MailEnable Professional Edition 1.52 and earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a stack-based buffer overflow and an object pointer overwrite. A remote attacker can use either vulnerability to execute arbitrary code on the target.", "published": "2004-11-30T00:00:00", "modified": "2011-04-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15852", "reporter": "Tenable", "references": ["http://www.mailenable.com/hotfix/default.asp", "http://www.hat-squad.com/en/000102.html"], "cvelist": ["CVE-2004-2501"], "type": "nessus", "lastseen": "2017-10-29T13:43:38", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2004-2501"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The target is running at least one instance of MailEnable's IMAP service. Two flaws exist in MailEnable Professional Edition 1.52 and earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a stack-based buffer overflow and an object pointer overwrite. 
A remote attacker can use either vulnerability to execute arbitrary code on the target.", "edition": 1, "enchantments": {}, "hash": "2c17233cc2da19b4065d3215b771c5efa045dfe993611ea5e7aa96955cdd9945", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8d5c6ba0dc279f21c07956660f81787e", "key": "modified"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "0fd333e06d05ac84c1ba8faf496e86bc", "key": "description"}, {"hash": "ab3a7a8f8266834343b1f791b88653da", "key": "published"}, {"hash": "f1a4d4755ef6beb4146e2065e6bdb967", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "61c68ac879a7ec23b78912aa04f59d78", "key": "pluginID"}, {"hash": "b8d8b03af178dce6de1c3ac301b0a3a8", "key": "href"}, {"hash": "301d322656089714fde4dfb60abae411", "key": "cvelist"}, {"hash": "9265e1744b96351834f5b9a0bfd26619", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "7cb21f8ddd8bfabc11f229e0da135488", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=15852", "id": "MAILENABLE_IMAP_OVERFLOWS.NASL", "lastseen": "2016-09-26T17:26:07", "modified": "2011-04-20T00:00:00", "naslFamily": "Windows", "objectVersion": "1.2", "pluginID": "15852", "published": "2004-11-30T00:00:00", "references": ["http://www.mailenable.com/hotfix/default.asp", "http://www.hat-squad.com/en/000102.html"], "reporter": "Tenable", "sourceData": "#\n# This script was written by George A. 
Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\n# Changes by Tenable:\n# - Revised plugin title (10/22/09)\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15852);\n script_version(\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2011/04/20 01:55:04 $\");\n\n script_cve_id(\"CVE-2004-2501\");\n script_bugtraq_id(11755);\n script_osvdb_id(12135, 12136);\n\n script_name(english:\"MailEnable IMAP Server Multiple Remote Buffer Overflows\");\n script_summary(english:\"Checks for Remote Buffer Overflows in MailEnable's IMAP Service\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is affected by several buffer overflow issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The target is running at least one instance of MailEnable's IMAP\nservice. Two flaws exist in MailEnable Professional Edition 1.52 and\nearlier as well as MailEnable Enterprise Edition 1.01 and earlier - a\nstack-based buffer overflow and an object pointer overwrite. 
A remote\nattacker can use either vulnerability to execute arbitrary code on the\ntarget.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hat-squad.com/en/000102.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mailenable.com/hotfix/default.asp\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the IMAP hotfix dated 25 November 2004.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/11/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/11/25\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mailenable:mailenable\");\n script_end_attributes();\n \n script_category(ACT_DENIAL);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 George A. 
Theall\");\n script_family(english:\"Windows\");\n script_dependencie(\"find_service1.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/imap\", 143);\n script_exclude_keys(\"imap/false_imap\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\n# NB: MailEnable doesn't truly identify itself in the banner so we just\n# connect and send a long command to try to bring down the service \n# if it looks like it's MailEnable.\nport = get_kb_item(\"Services/imap\");\nif (!port) port = 143;\nif (!get_port_state(port)) exit(0);\nbanner = get_kb_item(\"imap/banner/\" + port);\nif (\"IMAP4rev1 server ready at\" >!< banner) exit(0);\n\n# Establish a connection.\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n# Read banner.\ns = recv_line(socket:soc, length:1024);\nif (!strlen(s)) {\n close(soc);\n exit(0);\n}\ns = chomp(s);\n\n# Send a long command and see if the service crashes.\n#\n# nb: this tests only for the stack-based buffer overflow; the object\n# pointer overwrite vulnerability reportedly occurs in the same\n# versions so we just assume it's present if the former is.\nc = string(\"a1 \", crap(8202));\nsend(socket:soc, data:string(c, \"\\r\\n\"));\nwhile (s = recv_line(socket:soc, length:1024)) {\n s = chomp(s);\n m = eregmatch(pattern:\"^a1 (OK|BAD|NO)\", string:s, icase:TRUE);\n if (!isnull(m)) {\n resp = m[1];\n break;\n }\n resp='';\n}\n# If we don't get a response, make sure the service is truly down.\nif (!resp) {\n close(soc);\n soc = open_sock_tcp(port);\n if (!soc) {\n security_hole(port);\n exit(0);\n }\n}\n\n# Logout.\nc = string(\"a2\", \" LOGOUT\");\nsend(socket:soc, data:string(c, \"\\r\\n\"));\nwhile (s = recv_line(socket:soc, length:1024)) {\n s = chomp(s);\n m = eregmatch(pattern:\"^a2 (OK|BAD|NO)\", string:s, icase:TRUE);\n if (!isnull(m)) {\n resp = m[1];\n break;\n }\n}\nclose(soc);\n", "title": "MailEnable IMAP Server Multiple Remote Buffer Overflows", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], 
"edition": 1, "lastseen": "2016-09-26T17:26:07"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "496b5cf405384c9f831d30a8816030d4"}, {"key": "cvelist", "hash": "301d322656089714fde4dfb60abae411"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "0fd333e06d05ac84c1ba8faf496e86bc"}, {"key": "href", "hash": "b8d8b03af178dce6de1c3ac301b0a3a8"}, {"key": "modified", "hash": "8d5c6ba0dc279f21c07956660f81787e"}, {"key": "naslFamily", "hash": "aea23489ce3aa9b6406ebb28e0cda430"}, {"key": "pluginID", "hash": "61c68ac879a7ec23b78912aa04f59d78"}, {"key": "published", "hash": "ab3a7a8f8266834343b1f791b88653da"}, {"key": "references", "hash": "f1a4d4755ef6beb4146e2065e6bdb967"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "9265e1744b96351834f5b9a0bfd26619"}, {"key": "title", "hash": "7cb21f8ddd8bfabc11f229e0da135488"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "0d24258f312a34b7b7510b6ffa032867f4cd8c35a772a18b23d1856492383169", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# This script was written by George A. 
Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\n# Changes by Tenable:\n# - Revised plugin title (10/22/09)\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15852);\n script_version(\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2011/04/20 01:55:04 $\");\n\n script_cve_id(\"CVE-2004-2501\");\n script_bugtraq_id(11755);\n script_osvdb_id(12135, 12136);\n\n script_name(english:\"MailEnable IMAP Server Multiple Remote Buffer Overflows\");\n script_summary(english:\"Checks for Remote Buffer Overflows in MailEnable's IMAP Service\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is affected by several buffer overflow issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The target is running at least one instance of MailEnable's IMAP\nservice. Two flaws exist in MailEnable Professional Edition 1.52 and\nearlier as well as MailEnable Enterprise Edition 1.01 and earlier - a\nstack-based buffer overflow and an object pointer overwrite. 
A remote\nattacker can use either vulnerability to execute arbitrary code on the\ntarget.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hat-squad.com/en/000102.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mailenable.com/hotfix/default.asp\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the IMAP hotfix dated 25 November 2004.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/11/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/11/25\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mailenable:mailenable\");\n script_end_attributes();\n \n script_category(ACT_DENIAL);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 George A. 
Theall\");\n script_family(english:\"Windows\");\n script_dependencie(\"find_service1.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/imap\", 143);\n script_exclude_keys(\"imap/false_imap\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\n# NB: MailEnable doesn't truly identify itself in the banner so we just\n# connect and send a long command to try to bring down the service \n# if it looks like it's MailEnable.\nport = get_kb_item(\"Services/imap\");\nif (!port) port = 143;\nif (!get_port_state(port)) exit(0);\nbanner = get_kb_item(\"imap/banner/\" + port);\nif (\"IMAP4rev1 server ready at\" >!< banner) exit(0);\n\n# Establish a connection.\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n# Read banner.\ns = recv_line(socket:soc, length:1024);\nif (!strlen(s)) {\n close(soc);\n exit(0);\n}\ns = chomp(s);\n\n# Send a long command and see if the service crashes.\n#\n# nb: this tests only for the stack-based buffer overflow; the object\n# pointer overwrite vulnerability reportedly occurs in the same\n# versions so we just assume it's present if the former is.\nc = string(\"a1 \", crap(8202));\nsend(socket:soc, data:string(c, \"\\r\\n\"));\nwhile (s = recv_line(socket:soc, length:1024)) {\n s = chomp(s);\n m = eregmatch(pattern:\"^a1 (OK|BAD|NO)\", string:s, icase:TRUE);\n if (!isnull(m)) {\n resp = m[1];\n break;\n }\n resp='';\n}\n# If we don't get a response, make sure the service is truly down.\nif (!resp) {\n close(soc);\n soc = open_sock_tcp(port);\n if (!soc) {\n security_hole(port);\n exit(0);\n }\n}\n\n# Logout.\nc = string(\"a2\", \" LOGOUT\");\nsend(socket:soc, data:string(c, \"\\r\\n\"));\nwhile (s = recv_line(socket:soc, length:1024)) {\n s = chomp(s);\n m = eregmatch(pattern:\"^a2 (OK|BAD|NO)\", string:s, icase:TRUE);\n if (!isnull(m)) {\n resp = m[1];\n break;\n }\n}\nclose(soc);\n", "naslFamily": "Windows", "pluginID": "15852", "cpe": ["cpe:/a:mailenable:mailenable"]}
{"result": {"cve": [{"id": "CVE-2004-2501", "type": "cve", "title": "CVE-2004-2501", "description": "Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.", "published": "2004-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2501", "cvelist": ["CVE-2004-2501"], "lastseen": "2017-07-11T11:14:43"}], "saint": [{"id": "SAINT:9E224E965DDC130425E19653A8D2F2E1", "type": "saint", "title": "MailEnable IMAP command buffer overflow", "description": "Added: 01/24/2006 \nCVE: [CVE-2004-2501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2501>) \nBID: [11755](<http://www.securityfocus.com/bid/11755>) \nOSVDB: [12135](<http://www.osvdb.org/12135>) \n\n\n### Background\n\n[MailEnable](<http://www.mailenable.com>) is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. \n\n### Problem\n\nA buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands by sending a very long command. \n\n### Resolution\n\n[Upgrade](<http://www.mailenable.com/download.asp>) to the latest version of MailEnable with all needed [hotfixes](<http://www.mailenable.com/hotfix/>). \n\n### References\n\n<http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html> \n\n\n### Limitations\n\nExploit works on MailEnable Professional 1.52. 
\n\n### Platforms\n\nWindows \n \n\n", "published": "2006-01-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/mailenable_imap_command", "cvelist": ["CVE-2004-2501"], "lastseen": "2016-12-14T16:58:07"}, {"id": "SAINT:A0C3986DB61A9A331F28B8A2E57AD8BC", "type": "saint", "title": "MailEnable IMAP command buffer overflow", "description": "Added: 01/24/2006 \nCVE: [CVE-2004-2501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2501>) \nBID: [11755](<http://www.securityfocus.com/bid/11755>) \nOSVDB: [12135](<http://www.osvdb.org/12135>) \n\n\n### Background\n\n[MailEnable](<http://www.mailenable.com>) is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. \n\n### Problem\n\nA buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands by sending a very long command. \n\n### Resolution\n\n[Upgrade](<http://www.mailenable.com/download.asp>) to the latest version of MailEnable with all needed [hotfixes](<http://www.mailenable.com/hotfix/>). \n\n### References\n\n<http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html> \n\n\n### Limitations\n\nExploit works on MailEnable Professional 1.52. 
\n\n### Platforms\n\nWindows \n \n\n", "published": "2006-01-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/mailenable_imap_command", "cvelist": ["CVE-2004-2501"], "lastseen": "2017-01-10T14:03:42"}, {"id": "SAINT:522D5E14B69A5A58858F116BA2C1EDD9", "type": "saint", "title": "MailEnable IMAP command buffer overflow", "description": "Added: 01/24/2006 \nCVE: [CVE-2004-2501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2501>) \nBID: [11755](<http://www.securityfocus.com/bid/11755>) \nOSVDB: [12135](<http://www.osvdb.org/12135>) \n\n\n### Background\n\n[MailEnable](<http://www.mailenable.com>) is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services. \n\n### Problem\n\nA buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands by sending a very long command. \n\n### Resolution\n\n[Upgrade](<http://www.mailenable.com/download.asp>) to the latest version of MailEnable with all needed [hotfixes](<http://www.mailenable.com/hotfix/>). \n\n### References\n\n<http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html> \n\n\n### Limitations\n\nExploit works on MailEnable Professional 1.52. \n\n### Platforms\n\nWindows \n \n\n", "published": "2006-01-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/mailenable_imap_command", "cvelist": ["CVE-2004-2501"], "lastseen": "2016-10-03T15:01:55"}], "exploitdb": [{"id": "EDB-ID:658", "type": "exploitdb", "title": "MailEnable Mail Server IMAP <= 1.52 - Remote Buffer Overflow Exploit", "description": "MailEnable Mail Server IMAP <= 1.52 Remote Buffer Overflow Exploit. CVE-2004-2501. 
Remote exploit for windows platform", "published": "2004-11-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/658/", "cvelist": ["CVE-2004-2501"], "lastseen": "2016-01-31T12:37:34"}], "openvas": [{"id": "OPENVAS:15852", "type": "openvas", "title": "MailEnable IMAP Service Remote Buffer Overflows", "description": "The target is running at least one instance of MailEnable's IMAP\nservice. Two flaws exist in MailEnable Professional Edition 1.52 and\nearlier as well as MailEnable Enterprise Edition 1.01 and earlier - a\nstack-based buffer overflow and an object pointer overwrite. A remote\nattacker can use either vulnerability to execute arbitrary code on the\ntarget. More information is available at :\n\n http://www.hat-squad.com/en/000102.html", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=15852", "cvelist": ["CVE-2004-2501"], "lastseen": "2017-07-02T21:10:07"}, {"id": "OPENVAS:136141256231015852", "type": "openvas", "title": "MailEnable IMAP Service Remote Buffer Overflows", "description": "The target is running at least one instance of MailEnable's IMAP\nservice. Two flaws exist in MailEnable Professional Edition 1.52 and\nearlier as well as MailEnable Enterprise Edition 1.01 and earlier - a\nstack-based buffer overflow and an object pointer overwrite. A remote\nattacker can use either vulnerability to execute arbitrary code on the\ntarget. More information is available at :\n\n http://www.hat-squad.com/en/000102.html", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231015852", "cvelist": ["CVE-2004-2501"], "lastseen": "2018-04-06T11:15:56"}]}}