MailEnable IMAP mailbox name buffer overflow

mailenable-imap-mailbox-bo (23110) The risk level is classified as HighHigh Risk

Description:

MailEnable is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of mailbox names in the IMAP service. By sending an overly long mailbox name using either the select, create, delete, rename, subscribe, or unsubscribe command, a remote attacker with valid email authentication credentials could overflow a buffer and execute arbitrary code on the system with elevated privileges.


Consequences:

Gain Access

Remedy:

Apply Hotfix ME-10008 dated November 18, 2005, available from the MailEnable Hotfix Download Web page. See References.

References:

  • MailEnable Hotfix Download Web page: MailEnable - Hotfix Download Page.
  • BID-15492: MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
  • CVE-2005-3690: Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands.
  • OSVDB ID: 20929: MailEnable IMAP Service (MEIMAPS.EXE) Multiple Command Remote Overflow
  • SA17633: MailEnable Buffer Overflow and Directory Traversal Vulnerabilities
  • SECTRACK ID: 1015239: MailEnable Bugs Let Remote Authenticated Users Execute Arbitrary Code and Create/Delete Directories on the Target System.
  • VUPEN/ADV-2005-2484: MailEnable Buffer Overflow and Directory Traversal Vulnerabilities

Platforms Affected:

  • MailEnable MailEnable Enterprise Edition 1.x
  • MailEnable MailEnable Professional Edition 1.x
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2003 Server Standard
  • Microsoft Windows 2003 Server Web
  • Microsoft Windows 2003 Server Enterprise
  • Microsoft Windows NT 4.0 Server

Reported:

Nov 18, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page