MailEnable IMAP STATUS buffer overflow

2005-11-29T00:00:00
ID SAINT:DD5EC63BEC772699FAE1EC2F020E9A8C
Type saint
Reporter SAINT Corporation
Modified 2005-11-29T00:00:00

Description

Added: 11/29/2005
CVE: CVE-2005-2278
BID: 14243
OSVDB: 17844

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

A buffer overflow in the handling of the IMAP STATUS command could allow an authenticated user to execute arbitrary commands.

Resolution

Upgrade to MailEnable Professional 1.6 or MailEnable Enterprise 1.1 with all needed hotfixes.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=112127188609993&w=2

Limitations

Requires a valid IMAP user and password.

Platforms

Windows 2000
Windows XP