MailEnable IMAP / SMTP Multiple Remote Vulnerabilities
Critical Nessus Plugin ID 17974
Synopsis
The remote mail server is affected by multiple issues.

Description
The remote host is running a version of MailEnable Professional or MailEnable Enterprise Edition that is prone to the following vulnerabilities:
- An IMAP Authenticate Request Buffer Overflow Vulnerability
  Sending an AUTHENTICATE or LOGIN command with an argument of 1016 characters or more overflows a stack-based buffer. An attacker can leverage this flaw to overwrite sensitive program control variables and thereby control execution flow of the server process.
- An SMTP Malformed EHLO Request Denial Of Service Vulnerability
  The SMTP service does not properly handle malformed EHLO commands and may crash when it encounters an argument containing the character 0x99. A remote attacker could use this flaw to crash the SMTP service, thereby denying service to legitimate users.

Solution
Apply the IMAP and SMTP hotfix from 4th April 2005. Note that the hotfix does not fix the overflow involving an oversize LOGIN command.
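
Because the hotfix leaves the oversize LOGIN case open, a filtering proxy or traffic monitor in front of the server can flag the two request shapes described above. This is an added example, not code from the plugin or from MailEnable: the function names, finding labels and sample lines are constructed, and applying the 1016-character limit to the whole argument text (rather than to each argument) is a conservative assumption.

```python
import re

IMAP_ARG_LIMIT = 1016  # argument length given in the description above
EHLO_BAD_BYTE = 0x99   # byte given in the description above

# IMAP client line: <tag> <command> [arguments]; command names are case-insensitive.
IMAP_RE = re.compile(rb"^(\S+) +(AUTHENTICATE|LOGIN)(?: +(.*))?$", re.IGNORECASE)
EHLO_RE = re.compile(rb"^EHLO(?: +(.*))?$", re.IGNORECASE)


def inspect_imap(line: bytes):
    """Return a finding label for an oversized AUTHENTICATE/LOGIN line, else None."""
    m = IMAP_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    args = m.group(3) or b""
    # Assumption: measure the whole argument text, which also covers any single argument.
    if len(args) >= IMAP_ARG_LIMIT:
        return "imap-oversize-%s" % m.group(2).decode("ascii").lower()
    return None


def inspect_smtp(line: bytes):
    """Return a finding label for an EHLO whose argument contains 0x99, else None."""
    m = EHLO_RE.match(line.rstrip(b"\r\n"))
    if m and EHLO_BAD_BYTE in (m.group(1) or b""):
        return "smtp-ehlo-0x99"
    return None


def scan(records):
    """records: iterable of (protocol, raw_line). Returns [(record_number, finding)]."""
    findings = []
    for number, (proto, line) in enumerate(records, 1):
        hit = inspect_imap(line) if proto == "imap" else inspect_smtp(line)
        if hit:
            findings.append((number, hit))
    return findings


# Constructed sample lines, as a monitor would see them from clients.
SAMPLE = [
    ("imap", b"a1 LOGIN alice secret\r\n"),
    ("imap", b"a2 AUTHENTICATE " + b"A" * IMAP_ARG_LIMIT + b"\r\n"),
    ("smtp", b"EHLO mail.example.com\r\n"),
    ("smtp", b"EHLO mail\x99example\r\n"),
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE):
        print(number, finding)
```

The input must be raw bytes: decoding the line to text first can replace or drop 0x99 and hide the EHLO case.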