MailEnable POP PASS command buffer overflow

Added: 12/28/2006
CVE: CVE-2006-6605
BID: 21645
OSVDB: 32341

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms.

Problem

A buffer overflow vulnerability in MailEnable allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted PASS command to the POP service.

Resolution

Apply hotfix ME-10026.
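
Attempts to send an over-long PASS command can also be detected by checking client command lines against the POP3 length limits. The following is an added example, not part of the original advisory or of MailEnable. It assumes the limits from RFC 2449 (255-octet command line) and RFC 1939 (40-character argument); the function names and sample bytes are constructed for illustration.

```python
"""Flag POP3 client lines whose length exceeds protocol limits (added example)."""

MAX_LINE_OCTETS = 255   # assumption: RFC 2449 command line limit, incl. CRLF
MAX_ARG_CHARS = 40      # assumption: RFC 1939 per-argument limit (strict mode)


def split_client_lines(stream: bytes):
    """Yield (line, terminated) for each CRLF line plus any unterminated tail."""
    start = 0
    while True:
        end = stream.find(b"\r\n", start)
        if end == -1:
            if start < len(stream):
                yield stream[start:], False
            return
        yield stream[start:end + 2], True
        start = end + 2


def check_pop3_stream(stream: bytes, strict: bool = False):
    """Return findings as (line_no, command, length, reason) tuples."""
    findings = []
    for no, (line, terminated) in enumerate(split_client_lines(stream), 1):
        body = line[:-2] if terminated else line
        verb, _, arg = body.partition(b" ")
        cmd = verb.upper().decode("ascii", "replace")
        if len(line) > MAX_LINE_OCTETS:
            findings.append((no, cmd, len(line), "line exceeds 255 octets"))
        elif strict and cmd == "PASS" and len(arg) > MAX_ARG_CHARS:
            findings.append((no, cmd, len(arg), "PASS argument exceeds 40 chars"))
        # The argument itself is never recorded: it may be a real password.
    return findings


# Constructed sample of client-to-server bytes (not from a real capture).
SAMPLE = (
    b"USER alice\r\n"
    b"PASS correct-horse\r\n"
    b"USER bob\r\n"
    b"PASS " + b"A" * 600 + b"\r\n"
)

if __name__ == "__main__":
    for finding in check_pop3_stream(SAMPLE):
        print(finding)
```

Strict mode applies the 40-character argument limit and may flag legitimate long passwords, so it is off by default.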

References

http://secunia.com/secunia_research/2006-75/advisory/

Limitations

Exploit works on MailEnable Enterprise 2.34.

Platforms

Windows 2000
Windows Server 2003 SP0
Windows Server 2003 / Windows Server 2003 SP1
