MailEnable IMAP STATUS Command Remote Overflow

High Nessus Plugin ID 19193


The remote IMAP server is affected by a buffer overflow vulnerability.


The remote host is running a version of MailEnable's IMAP service that is prone to a buffer overflow attack when processing a STATUS command with a long mailbox name. Once authenticated, an attacker can exploit this flaw to execute arbitrary code subject to the privileges of the affected application.


Upgrade to MailEnable Professional 1.6 or later, or to MailEnable Enterprise Edition 1.1 or later.

Plugin Details

Severity: High

ID: 19193

File Name: mailenable_imap_status_overflow.nasl

Version: $Revision: 1.16 $

Type: remote

Agent: windows

Family: Windows

Published: 2005/07/14

Modified: 2016/10/27

Dependencies: 11414, 10263

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2005/06/30

Vulnerability Publication Date: 2005/07/12

Exploitable With

Core Impact

Metasploit (MailEnable IMAPD (1.54) STATUS Request Buffer Overflow)

Reference Information

CVE: CVE-2005-2278

BID: 14243

OSVDB: 17844