MailEnable POP Service PASS Command Remote Buffer Overflow Vulnerability
BID:21645
Info
| Bugtraq ID: | 21645 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-6605 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 18 2006 12:00AM |
| Updated: | Dec 18 2006 12:00AM |
| Credit: | Carsten Eiram from Secunia Research is credited with discovering this issue. |
| Vulnerable: | MailEnable MailEnable Professional 2.35; MailEnable MailEnable Enterprise Edition 2.35 |
| Not Vulnerable: | |
Discussion
MailEnable is prone to a stack-based buffer-overflow vulnerability in the POP service because the application fails to properly bounds-check user-supplied data.
A successful exploit may allow remote attackers to execute arbitrary code in the context of the vulnerable server. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects version 2.35 of the Professional and Enterprise Editions; other versions may be vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released a fix to address this issue. Please see the references for more information.
MailEnable MailEnable Professional 2.35
- MailEnable ME-10026.EXE
  http://www.mailenable.com/hotfix/ME-10026.EXE
MailEnable MailEnable Enterprise Edition 2.35
- MailEnable ME-10026.EXE
  http://www.mailenable.com/hotfix/ME-10026.EXE
References
References:
- MailEnable Homepage (MailEnable)
- MailEnable Hotfix Page (MailEnable)
- Secunia Research: MailEnable POP Service 'PASS' Command Buffer Overflow (Secunia Research)
- MailEnable POP Service 'PASS' Command Buffer Overflow (Secunia Research)