MailEnable IMAP SELECT buffer overflow

2006-12-01T00:00:00
ID SAINT:A26FC09E9700ED5DE3B7D61D616812FB
Type saint
Reporter SAINT Corporation
Modified 2006-12-01T00:00:00

Description

Added: 12/01/2006
CVE: CVE-2006-6290
BID: 21362
OSVDB: 31698

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow vulnerability in the IMAP service allows an authenticated attacker to execute arbitrary commands by sending a specially crafted SELECT command.

Resolution

Apply the latest hotfix for IMAP.

References

<http://secunia.com/advisories/23080>

Limitations

Exploit works on MailEnable Professional 2.32 with Patch ME-10018 and requires a valid IMAP login name, password, and post office name.

Platforms

Windows