|
|
Family: Gain root remotely --> Category: mixed
MailEnable IMAP STATUS Command Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary
Checks for STATUS command buffer overflow in MailEnable's IMAP service
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is affected by a buffer overflow vulnerability.
Description :
The remote host is running a version of MailEnable's IMAP service that
is prone to a buffer overflow vulnerability triggered when processing
a STATUS command with a long mailbox name. Once authenticated, an
attacker can exploit this flaw to execute arbitrary code subject to
the rights of the affected application.
See also :
http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10
http://archives.neohapsis.com/archives/bugtraq/2005-07/0205.html
Solution :
Upgrade to MailEnable Professional 1.6 or later or to MailEnable
Enterprise Edition 1.1 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:L/Au:R/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
