MailEnable IMAP Service (MEIMAPS.EXE) Multiple Command Remote Overflow

2005-11-18T02:48:18
ID OSVDB:20929
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2005-11-18T02:48:18

Description

Vulnerability Description

A remote overflow exists in MailEnable. The 'MEIMAPS.EXE' service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long mailbox name to the 'select', 'create', 'delete', 'rename', 'subscribe' and 'unsubcribe' commands, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to MailEnable Professional version 1.7 or higher, as it has been reported to fix this vulnerability. In addition, MailEnable has released a patch.

Short Description

A remote overflow exists in MailEnable. The 'MEIMAPS.EXE' service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long mailbox name to the 'select', 'create', 'delete', 'rename', 'subscribe' and 'unsubcribe' commands, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.mailenable.com/ Vendor Specific Solution URL: http://www.mailenable.com/hotfix/ME-10008.EXE Security Tracker: 1015239 Secunia Advisory ID:17633 Related OSVDB ID: 20930 Other Advisory URL: http://secunia.com/secunia_research/2005-59/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0581.html Keyword: ME-10008 ISS X-Force ID: 23110 FrSIRT Advisory: ADV-2005-2484 CVE-2005-3690 Bugtraq ID: 15492