Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:6A7981BF26831C0ADEF7EB7EA59A275D
HistoryNov 29, 2005 - 12:00 a.m.

MailEnable IMAP mailbox name buffer overflow

2005-11-2900:00:00
SAINT Corporation
www.saintcorporation.com
32

0.094 Low

EPSS

Percentile

94.1%

JSON

Added: 11/29/2005
CVE: CVE-2005-3690
BID: 15492
OSVDB: 20929

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

A buffer overflow in the SELECT, CREATE, DELETE, RENAME, SUBSCRIBE, and UNSUBSCRIBE commands could allow an authenticated user to execute arbitrary commands using a long, specially crafted mailbox name.

Resolution

Upgrade to MailEnable Professional 1.7 or MailEnable Enterprise 1.1 with all needed hotfixes.

References

<http://secunia.com/secunia_research/2005-59/advisory/&gt;

Limitations

Exploit works against MailEnable Professional 1.6. The vulnerable host must be able to connect back to a port on the attacking host. Exploit requires a valid IMAP user and password.

Platforms

Windows

Related

saint 3
cve 2
nessus 1
saint
saint
MailEnable IMAP mailbox name buffer overflow
2005-11-29 00:00:00
MailEnable IMAP mailbox name buffer overflow
2005-11-29 00:00:00
MailEnable IMAP mailbox name buffer overflow
2005-11-29 00:00:00
cve
cve
CVE-2005-3690
2005-11-19 01:03:00
CVE-2005-3813
2005-11-26 02:03:00
nessus
nessus
MailEnable < 1.7 IMAP Server Multiple Vulnerabilities (ME-100008)
2005-11-20 00:00:00

0.094 Low

EPSS

Percentile

94.1%

JSON
Related for SAINT:6A7981BF26831C0ADEF7EB7EA59A275D
saint3cve2nessus1