MailEnable IMAP Server Multiple Remote Buffer Overflows

high Nessus Plugin ID 15852

Synopsis

The remote mail server is affected by several buffer overflow issues.

Description

The target is running at least one instance of MailEnable's IMAP service. Two flaws exist in MailEnable Professional Edition 1.52 and earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a stack-based buffer overflow and an object pointer overwrite. A remote attacker can use either vulnerability to execute arbitrary code on the target.

Solution

Apply the IMAP hotfix dated 25 November 2004.

See Also

http://www.hat-squad.com/en/000102.html

http://www.mailenable.com/hotfix/default.aspx

Plugin Details

Severity: High

ID: 15852

File Name: mailenable_imap_overflows.nasl

Version: 1.19

Type: remote

Agent: windows

Family: Windows

Published: 11/30/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/25/2004

Reference Information

CVE: CVE-2004-2501

BID: 11755