MailEnable IMAP Authenticate Request Buffer Overflow Vulnerability
BID:12995
| Bugtraq ID: | 12995 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1014 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | This issue was announced by the vendor. |
| Vulnerable: | MailEnable MailEnable Professional 1.54; MailEnable MailEnable Professional 1.53; MailEnable MailEnable Professional 1.52; MailEnable MailEnable Professional 1.51; MailEnable MailEnable Professional 1.5; MailEnable MailEnable Enterprise Edition 1.0 4; MailEnable MailEnable Enterprise Edition 1.0 3; MailEnable MailEnable Enterprise Edition 1.0 2; MailEnable MailEnable Enterprise Edition 1.0 1; MailEnable MailEnable Enterprise Edition 1.0 |
| Not Vulnerable: | |
Discussion
MailEnable is prone to a remotely exploitable stack-based buffer overflow vulnerability. This vulnerability is exposed in the server's IMAP implementation. The issue may be triggered with a malicious 'A001 AUTHENTICATE' request to the IMAP service.
This vulnerability is reported to affect all unpatched versions of MailEnable Enterprise Edition and MailEnable Professional 1.5 and later.
Exploit / POC
The following exploit was provided:
Solution / Fix
Solution:
A hot fix has been released to address this issue.
MailEnable MailEnable Enterprise Edition 1.0 2
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Enterprise Edition 1.0
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Enterprise Edition 1.0 1
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Enterprise Edition 1.0 3
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Enterprise Edition 1.0 4
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Professional 1.5
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Professional 1.51
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Professional 1.52
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Professional 1.53
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
MailEnable MailEnable Professional 1.54
- MailEnable MEIMSM-HF050404.zip: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip