Check Point Advisories

Preemptive Protection against MailEnable IMAP Service Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-146
Date Published: 5 Dec 2006
Severity: Medium
Last Updated: Thursday 03 May, 2007
Source: FrSIRT/ADV-2006-4778
Secunia Advisory: SA23080
Industry Reference:CVE-2006-6239
Protection Provided by:
Who is Vulnerable? MailEnable Enterprise 1.40
MailEnable Enterprise 2.33
MailEnable Professional 1.83
MailEnable Professional 2.33
Vulnerability Description A buffer overflow vulnerability exists in MailEnable IMAP service. MailEnable is an email server suite for Microsoft Windows. Several IMAP servers contain buffer overflow errors in the way they handle IMAP commands. By carefully crafting an overly long SELECT/EXAMINE command, an attacker can trigger a buffer overflow which may lead to an application crash or arbitrary code execution.
Update/Patch AvaliableApply hotfix:
http://www.mailenable.com/hotfix/ME-10021.ZIP
Vulnerability DetailsThis flaw is due to a buffer overflow error when processing overly long EXAMINE and SELECT IMAP commands. A remote attacker can exploit this vulnerability via an overly long argument. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on a affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK