MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10025)

Critical Nessus Plugin ID 23783


The remote IMAP server is affected by multiple buffer overflows.


The IMAP server bundled with the version of MailEnable installed on the remote host is reportedly affected by multiple, as yet unspecified, buffer overflows.

Note that it is not currently known whether the issues listed in ME-10023 and ME-10025 require authentication, but successful exploitation will allow an attacker to crash the service or to execute arbitrary code with LOCAL SYSTEM privileges.


Apply Hotfix ME-10025.

Plugin Details

Severity: Critical

ID: 23783

File Name: mailenable_me_10025.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2006/12/10

Modified: 2012/08/16

Dependencies: 23753

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: SMB/MailEnable/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/12/08

Vulnerability Publication Date: 2006/12/08

Exploitable With

Metasploit (MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow)

Reference Information

CVE: CVE-2006-6423, CVE-2006-6484

BID: 21492, 21493

OSVDB: 32124, 32125