MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10021)

Medium Nessus Plugin ID 23756


The remote IMAP server is affected by multiple buffer overflow vulnerabilities.


The IMAP server bundled with the version of MailEnable installed on the remote host reportedly fails to handle malicious arguments to the 'EXAMINE', 'SELECT', and 'DELETE' commands. An authenticated, remote attacker may be able to exploit these issues to crash the affected service or to execute arbitrary code with LOCAL SYSTEM privileges.


Apply Hotfix ME-10021.

Note that ME-10020 was initially listed as a solution, but it turns out to be only a partial fix. Affected users should apply ME-10021 to fully address the issue.

Plugin Details

Severity: Medium

ID: 23756

File Name: mailenable_me_10021.nasl

Version: $Revision: 1.18 $

Type: local

Agent: windows

Family: Windows

Published: 2006/12/04

Modified: 2016/10/27

Dependencies: 23753

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: SMB/MailEnable/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2006/11/23

Reference Information

CVE: CVE-2006-6290, CVE-2006-6291

BID: 21362

OSVDB: 30661, 31699

Secunia: 23080