MailEnable IMAP STATUS buffer overflow

Added: 11/29/2005
CVE: CVE-2005-2278
BID: 14243
OSVDB: 17844

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

A buffer overflow in the STATUS command could allow an authenticated user to execute arbitrary commands.

Resolution

Upgrade to MailEnable Professional 1.6 or MailEnable Enterprise 1.1 with all needed hotfixes.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=112127188609993&w=2

Limitations

Requires a valid IMAP user and password.

Platforms

Windows 2000
Windows XP
