Family: Gain root remotely --> Category: infos
MailEnable IMAP EXAMINE Command Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary :
Checks for EXAMINE command buffer overflow in MailEnable's IMAP service
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to execute code on the remote IMAP server.
Description :
The remote host is running a version of MailEnable's IMAP service that
is prone to a buffer overflow vulnerability triggered when processing
an EXAMINE command with a long mailbox name. Once authenticated, an
attacker can exploit this flaw to execute arbitrary code subject to
the rights of the affected application. There are also reportedly
similar issues with other IMAP commands.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040388.html
Solution :
Install Hotfix ME-10010 for MailEnable Professional 1.71 and earlier or
MailEnable Enterprise Edition 1.1 and earlier.
Threat Level:
Low / CVSS Base Score : 3.3
(AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:N)