SAINT Corporation
SAINT:CE9CD7D28FFEAB8FB32D1B098DF42C13
Nov 29, 2005 - 12:00 a.m.

MailEnable IMAP mailbox name buffer overflow

download.saintcorporation.com

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.094 Low
Percentile: 94.7%

Added: 11/29/2005
CVE: CVE-2005-3690
BID: 15492
OSVDB: 20929

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

A buffer overflow in the SELECT, CREATE, DELETE, RENAME, SUBSCRIBE, and UNSUBSCRIBE commands could allow an authenticated user to execute arbitrary commands using a long, specially crafted mailbox name.
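
A defender-side check for the condition described above, added here as an example and not part of the SAINT advisory: it scans captured IMAP client command lines for the six listed commands and reports mailbox-name arguments longer than a limit. The 255-byte limit, the function names and the sample lines are assumptions constructed for illustration; the advisory does not state the length that triggers the overflow.

```python
import re

# Commands the advisory lists as taking the affected mailbox-name argument.
MAILBOX_COMMANDS = {"SELECT", "CREATE", "DELETE", "RENAME", "SUBSCRIBE", "UNSUBSCRIBE"}
MAX_MAILBOX_LEN = 255  # assumed alert threshold; the advisory gives no length

# One IMAP argument: quoted string, literal size announcement {n} or {n+}, or atom.
ARG_RE = re.compile(rb'"((?:\\.|[^"\\])*)"|\{(\d+)\+?\}|([^\s"]+)')


def mailbox_arg_lengths(line):
    """Return (command, [argument lengths]) for an affected command, else None."""
    parts = line.rstrip(b"\r\n").split(None, 2)  # tag, command, arguments
    if len(parts) < 3:
        return None
    command = parts[1].decode("ascii", "replace").upper()
    if command not in MAILBOX_COMMANDS:
        return None
    lengths = []
    for quoted, literal, atom in ARG_RE.findall(parts[2]):
        if literal:
            lengths.append(int(literal))  # size the client declares for the literal
        elif atom:
            lengths.append(len(atom))
        else:
            lengths.append(len(quoted))  # raw bytes between the quotes
    return command, lengths


def find_suspicious(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, command, longest_argument) for oversized mailbox names."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = mailbox_arg_lengths(line)
        if parsed and parsed[1] and max(parsed[1]) > limit:
            hits.append((number, parsed[0], max(parsed[1])))
    return hits


# Constructed sample of client-to-server lines (not taken from a real capture).
SAMPLE = [
    b"a001 LOGIN alice secret\r\n",
    b"a002 SELECT INBOX\r\n",
    b'a003 CREATE "' + b"A" * 600 + b'"\r\n',
    b"a004 RENAME Drafts {2048}\r\n",
    b"a005 FETCH 1:* (FLAGS)\r\n",
    b'a006 subscribe "Sent Items"\r\n',
]

if __name__ == "__main__":
    for number, command, length in find_suspicious(SAMPLE):
        print(f"line {number}: {command} mailbox argument of {length} bytes")
```

A literal (`{n}`) is judged by its declared size, since the mailbox name itself arrives on the following line.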

Resolution

Upgrade to MailEnable Professional 1.7 or MailEnable Enterprise 1.1 with all needed hotfixes.

References

<http://secunia.com/secunia_research/2005-59/advisory/>

Limitations

Exploit works against MailEnable Professional 1.6. The vulnerable host must be able to connect back to a port on the attacking host. Exploit requires a valid IMAP user and password.

Platforms

Windows
