SAINT Corporation, SAINT:A00213497BE6AAD4E9E53BDBFFD46E7B
Dec 01, 2006 - 12:00 a.m.

MailEnable IMAP SELECT buffer overflow

download.saintcorporation.com

CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.011 Low
Percentile: 84.5%

Added: 12/01/2006
CVE: CVE-2006-6290
BID: 21362
OSVDB: 31698

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow vulnerability in the IMAP service allows an authenticated attacker to execute arbitrary commands by sending a specially crafted SELECT command.

Resolution

Apply the latest hotfix for IMAP.

References

<http://secunia.com/advisories/23080>

Limitations

Exploit works on MailEnable Professional 2.32 with Patch ME-10018 and requires a valid IMAP login name, password, and post office name.

Platforms

Windows
