MailEnable POP PASS command buffer overflow

2006-12-28T00:00:00
ID SAINT:E814B8E496DE2B830CA1412A8CB2554F
Type saint
Reporter SAINT Corporation
Modified 2006-12-28T00:00:00

Description

Added: 12/28/2006
CVE: CVE-2006-6605
BID: 21645
OSVDB: 32341

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms.

Problem

A buffer overflow vulnerability in MailEnable allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted PASS command to the POP service.
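A defensive check for the condition described above, added here as an example and not part of the SAINT advisory or of MailEnable: it scans reassembled client-to-server POP3 bytes for PASS commands that exceed the protocol's length limits. The thresholds are assumptions taken from RFC 1939 and RFC 2449, since the advisory does not state the overflow length; the function name, severity labels and sample session are constructed for illustration.

```python
import re

# Assumed thresholds (from the POP3 RFCs, not from this advisory):
MAX_COMMAND_LINE = 255  # RFC 2449: whole command line, CRLF included
MAX_ARGUMENT = 40       # RFC 1939: a single argument

PASS_RE = re.compile(rb"PASS(?:[ \t]|$)", re.IGNORECASE)  # keywords are case-insensitive


def scan_client_stream(data: bytes) -> list:
    """Return findings for over-length PASS commands in client-to-server bytes."""
    findings = []
    for number, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not PASS_RE.match(line):
            continue
        parts = line.split(None, 1)
        argument = parts[1] if len(parts) == 2 else b""
        wire_len = len(line) + 2  # length on the wire once CRLF is counted
        if wire_len > MAX_COMMAND_LINE:
            severity = "alert"    # cannot be a valid POP3 command
        elif len(argument) > MAX_ARGUMENT:
            severity = "review"   # legal under RFC 2449, unusual for a password
        else:
            continue
        findings.append({
            "line": number,
            "severity": severity,
            "arg_len": len(argument),   # report the length only, never the secret
            "line_len": wire_len,
            "non_printable": any(b < 0x20 or b > 0x7E for b in argument),
        })
    return findings


# Constructed sample session; the last command is unterminated, as a
# truncated capture of an over-long line would be.
SAMPLE = (
    b"USER alice\r\n"
    b"PASS correct horse battery\r\n"
    b"QUIT\r\n"
    b"USER bob\r\n"
    b"pass " + b"A" * 60 + b"\r\n"
    b"USER carol\r\n"
    b"PASS " + b"B" * 600
)

if __name__ == "__main__":
    for finding in scan_client_stream(SAMPLE):
        print(finding)
```

Findings carry lengths and a printable-bytes flag rather than the argument itself, so legitimate passwords that trip the "review" tier do not end up in alert logs.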

Resolution

Apply hotfix ME-10026.

References

<http://secunia.com/secunia_research/2006-75/advisory/>

Limitations

Exploit works on MailEnable Enterprise 2.34.

Platforms

Windows 2000
Windows Server 2003 SP0
Windows Server 2003 / Windows Server 2003 SP1