MailEnable IMAP W3C Logging Buffer Overflow

2005-12-03T00:00:00
ID SAINT:7D568B6A44BCE5EC05156F69A6D8303C
Type saint
Reporter SAINT Corporation
Modified 2005-12-03T00:00:00

Description

Added: 12/03/2005
CVE: CVE-2005-3155
BID: 15006
OSVDB: 19842

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

MailEnable's IMAP service is affected by a buffer overflow condition in the handling of W3C logging. This could allow authenticated users to execute arbitrary commands.

Resolution

Upgrade to MailEnable Professional 1.7 or MailEnable Enterprise 1.1 with all needed hotfixes.

References

<http://secunia.com/advisories/17010>

Limitations

Exploit works on MailEnable Professional 1.6. A valid IMAP user name and password are required.

Platforms

Windows 2000 / Windows XP
Windows Server 2003