MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
a4eceb36c2639afe9fd1c656c7174c4475cb9596985d2e61b7f06f2ea8f79eeaSecunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).
50845d9664d4795bef5673fb158d9b6f36ae9ac4b5a0fc08c947afcdd0f0ba55
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed