MailEnable IMAP command buffer overflow

2006-01-24T00:00:00
ID SAINT:9E224E965DDC130425E19653A8D2F2E1
Type saint
Reporter SAINT Corporation
Modified 2006-01-24T00:00:00

Description

Added: 01/24/2006
CVE: CVE-2004-2501
BID: 11755
OSVDB: 12135

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands on the server by sending a very long IMAP command.

Resolution

Upgrade to the latest version of MailEnable with all needed hotfixes.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html>

Limitations

The exploit works on MailEnable Professional 1.52.

Platforms

Windows