Check Point Advisories

MailEnable POP3 Service PASS Command Buffer Overflow (CVE-2006-6605)

Check Point Reference: CPAI-2006-315
Date Published: 10 Nov 2009
Severity: High
Last Updated: Thursday 08 May, 2014
Source:
Industry Reference: CVE-2006-6605
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

MailEnable is an email server suite for the Microsoft Windows platform. The product supports various email transfer protocols such as SMTP, POP3 and IMAP. The MailEnable protocol handlers are installed as individual services on the system, called Connectors.

There exists a stack-based buffer overflow vulnerability in the MailEnable POP3 service. The flaw is caused by a boundary error in the POP3 service when handling the argument to the POP3 "PASS" command. A remote unauthenticated user may leverage the vulnerability to inject and execute arbitrary code with System level privileges or create a denial of service condition on a vulnerable system.

If an attack attempt is either unsuccessful in diverting the process flow or is meant to create a denial of service condition, then the affected service will terminate. In such a case, an event log entry will be added to System Logs of the target system, recording the abnormal termination of the service. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the System account.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the MailEnable POP3 Service PASS Command Buffer Overflow protection using the Search tool, and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  POP3 Protocol Violation.
Attack Information:  MailEnable POP3 service PASS command buffer overflow
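
The protection logs a match as a POP3 protocol violation. As an added example (not Check Point's signature and not code from this advisory), the following Python check flags client lines whose PASS argument or total length exceeds the limits in RFC 1939 and RFC 2449. The function names, the use of those RFC limits as thresholds, and the sample lines are assumptions of the example.

```python
# Added example: flag POP3 client lines that break the RFC length limits.
# Thresholds come from RFC 1939 / RFC 2449, not from the advisory.
MAX_ARG_LEN = 40      # RFC 1939: each argument may be up to 40 characters
MAX_LINE_LEN = 255    # RFC 2449: command line limit, CRLF included


def check_pop3_line(raw: bytes):
    """Return a list of violation strings for one client command line."""
    findings = []
    if len(raw) > MAX_LINE_LEN:
        findings.append(f"line length {len(raw)} > {MAX_LINE_LEN}")
    if not raw.endswith(b"\r\n"):
        findings.append("missing CRLF terminator")
    body = raw.rstrip(b"\r\n")
    keyword, _, arg = body.partition(b" ")
    if keyword.upper() == b"PASS":
        # PASS takes one argument that may contain spaces, so measure it whole.
        if len(arg) > MAX_ARG_LEN:
            findings.append(f"PASS argument length {len(arg)} > {MAX_ARG_LEN}")
        # RFC 1939: arguments consist of printable ASCII characters.
        if any(b < 0x20 or b > 0x7E for b in arg):
            findings.append("PASS argument has non-printable bytes")
    return findings


def scan_session(lines):
    """Yield (index, keyword, findings) for every client line with a finding.
    The PASS argument is never echoed, so passwords do not reach the output."""
    for i, raw in enumerate(lines):
        findings = check_pop3_line(raw)
        if findings:
            keyword = raw.split(b" ", 1)[0].strip().upper().decode("ascii", "replace")
            yield i, keyword, findings


# Constructed client-side lines (not captured traffic).
SAMPLE = [
    b"USER alice\r\n",
    b"PASS correct-horse-battery\r\n",
    b"USER bob\r\n",
    b"PASS " + b"A" * 600 + b"\r\n",   # oversized argument, filler bytes only
]

if __name__ == "__main__":
    for idx, kw, why in scan_session(SAMPLE):
        print(f"line {idx}: {kw}: {'; '.join(why)}")
```

Servers that accept passwords longer than 40 characters will trip the argument check on legitimate logins, so raise `MAX_ARG_LEN` to the longest credential the deployment allows and keep the 255-octet line limit as the hard bound.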
