MailEnable buffers runneth over
The producers of the MailEnable mail server have once more been forced to release an update to fix a total of 3 vulnerabilities in their software. Over-long arguments passed to the EXAMINE and SELECT commands can be used to provoke a buffer overflow, which, according to Secunia, can be used to infiltrate onto, and execute code on, the IMAP server (MEIMAPS.EXE). This does, however, require the attacker to be logged onto the server.
The third vulnerability merely causes the server to crash. This occurs when the argument passed to the DELETE command consists of a large number of asterisks and question marks only. In this case too, an attacker must be logged onto the server. According to Secunia, MailEnable Professional Edition versions 2.32 and 1.6 - 1.83, Enterprise Edition 1.1 - 1.40, Professional Edition 2.0 - 2.33 and Enterprise Edition 2.0 - 2.33 are affected.
- MailEnable IMAP Service Two Vulnerabilities, security advisory from Secunia
(trk)