MailEnable IMAP Service Buffer Overflow Vulnerability
BID:21252
Info
| Bugtraq ID: | 21252 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 23 2006 12:00AM |
| Updated: | Feb 16 2007 05:47PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
MailEnable MailEnable Professional 1.7
MailEnable MailEnable Professional 1.6
MailEnable MailEnable Professional 2.34
MailEnable MailEnable Professional 2.33
MailEnable MailEnable Professional 2.32
MailEnable MailEnable Professional 2.2
MailEnable MailEnable Professional 2.1
MailEnable MailEnable Professional 2.0
MailEnable MailEnable Professional 1.82
MailEnable MailEnable Professional 1.73
MailEnable MailEnable Professional 1.72
MailEnable MailEnable Enterprise Edition 1.1
MailEnable MailEnable Enterprise Edition 2.34
MailEnable MailEnable Enterprise Edition 2.33
MailEnable MailEnable Enterprise Edition 2.32
MailEnable MailEnable Enterprise Edition 2.2
MailEnable MailEnable Enterprise Edition 2.1
MailEnable MailEnable Enterprise Edition 2.0
MailEnable MailEnable Enterprise Edition 1.21
MailEnable MailEnable Enterprise Edition 1.2
MailEnable MailEnable Enterprise Edition 1.1
MailEnable MailEnable Enterprise Edition 0 |
| Not Vulnerable: |
MailEnable MailEnable Professional 2.35
MailEnable MailEnable Enterprise Edition 2.35 |
Discussion
MailEnable is prone to a buffer-overflow vulnerability in the IMAP service because the application fails to properly bounds-check user-supplied data.
This issue is reported to affect the following MailEnable versions, but other versions may also be vulnerable:
1.6-1.82 Professional Edition
1.1-1.30 Enterprise Edition
2.0-2.32 Professional Edition
2.0-2.32 Enterprise Edition
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
Further reports indicate this issue was not properly addressed in the hotfix for version 2.32 but has been properly addressed in version 2.35 and later. Users are advised to obtain the latest available version.