MailEnable IMAP command buffer overflow

2006-01-24T00:00:00
ID SAINT:A0C3986DB61A9A331F28B8A2E57AD8BC
Type saint
Reporter SAINT Corporation
Modified 2006-01-24T00:00:00

Description

Added: 01/24/2006
CVE: CVE-2004-2501
BID: 11755
OSVDB: 12135

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands by sending a very long IMAP command.
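
For detection, the condition described above (an overlong command line arriving before any login) can be checked in reassembled client-to-server IMAP traffic. The Python below is an added example, not part of the SAINT advisory or of MailEnable; the 1024-byte cap, the function name and the sample stream are assumptions, since the advisory states no length.

```python
import re

MAX_LINE = 1024  # assumed cap; the advisory gives no length, tune per deployment
LITERAL = re.compile(rb"\{(\d+)\+?\}$")  # IMAP literal announcement ending a line
AUTH_COMMANDS = {b"LOGIN", b"AUTHENTICATE"}

def scan_client_stream(data: bytes, max_line: int = MAX_LINE):
    """Flag overlong command lines in one client-to-server IMAP byte stream.

    Each finding records the byte offset, line length, command tag, whether a
    LOGIN/AUTHENTICATE command appeared earlier, and whether CRLF was seen.
    """
    findings, pos, auth_seen = [], 0, False
    while pos < len(data):
        end = data.find(b"\r\n", pos)
        terminated = end != -1
        if not terminated:
            end = len(data)  # trailing bytes with no CRLF yet
        line = data[pos:end]
        words = line.split(None, 2)
        if len(line) > max_line:
            findings.append({
                "offset": pos,
                "length": len(line),
                "tag": words[0][:16].decode("ascii", "replace") if words else "",
                "pre_auth": not auth_seen,
                "terminated": terminated,
            })
        if len(words) >= 2 and words[1].upper() in AUTH_COMMANDS:
            auth_seen = True
        pos = end + 2
        literal = LITERAL.search(line)
        if terminated and literal:
            pos += int(literal.group(1))  # literal payload is data, not a command line
    return findings

# Constructed sample stream (not captured traffic): a normal command, then a
# 3000-byte command line before any login, then a login carrying a literal.
SAMPLE = (
    b"a1 CAPABILITY\r\n"
    + b"a2 " + b"X" * 3000 + b"\r\n"
    + b"a3 LOGIN user {8}\r\n" + b"password\r\n"
)

if __name__ == "__main__":
    for finding in scan_client_stream(SAMPLE):
        print(finding)
```

Literal payloads announced with `{n}` are skipped, so a long but well-formed literal is not reported as an overlong command line.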

Resolution

Upgrade to the latest version of MailEnable with all needed hotfixes.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html>

Limitations

Exploit works on MailEnable Professional 1.52.

Platforms

Windows