MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10025)

critical Nessus Plugin ID 23783

Synopsis

The remote IMAP server is affected by multiple buffer overflows.

Description

The IMAP server bundled with the version of MailEnable installed on the remote host reportedly is affected by multiple and as yet unspecified buffer overflows.

Note that it is not currently known whether the issues listed in ME-10023 and ME-10025 require authentication or not, but successful exploitation will allow an attacker to crash the service service or to execute arbitrary code with LOCAL SYSTEM privileges.

Solution

Apply Hotfix ME-10025.

See Also

http://www.mailenable.com/hotfix/

Plugin Details

Severity: Critical

ID: 23783

File Name: mailenable_me_10025.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 12/10/2006

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Required KB Items: SMB/MailEnable/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2006

Vulnerability Publication Date: 12/8/2006

Exploitable With

Metasploit (MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow)

Reference Information

CVE: CVE-2006-6423, CVE-2006-6484

BID: 21492, 21493