MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10021)
Medium Nessus Plugin ID 23756
SynopsisThe remote IMAP server is affected by multiple buffer overflow vulnerabilities.
DescriptionThe IMAP server bundled with the version of MailEnable installed on the remote host reportedly fails to handle malicious arguments to the 'EXAMINE', 'SELECT', and 'DELETE' commands. An authenticated, remote attacker may be able to exploit these issues to crash the affected service or to execute arbitrary code with LOCAL SYSTEM privileges.
SolutionApply Hotfix ME-10021.
Note that ME-10020 was initially listed as a solution, but it turns out to be only a partial fix. Affected users should apply ME-10021 to fully address the issue.