In association with heise online

02 December 2006, 10:09

MailEnable buffers runneth over


The producers of the MailEnable mail server have once more been forced to release an update, this time to fix a total of three vulnerabilities in their software. Over-long arguments passed to the EXAMINE and SELECT commands can be used to provoke a buffer overflow, which, according to Secunia, can be used to inject and execute code on the IMAP server (MEIMAPS.EXE). This does, however, require the attacker to be logged on to the server.

The third vulnerability merely causes the server to crash. This occurs when the argument passed to the DELETE command consists solely of a large number of asterisks and question marks. In this case too, an attacker must be logged on to the server. According to Secunia, MailEnable Professional Edition versions 2.32 and 1.6 - 1.83, Enterprise Edition 1.1 - 1.40, Professional Edition 2.0 - 2.33 and Enterprise Edition 2.0 - 2.33 are affected.
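For servers that cannot be updated immediately, the three command patterns described above can be flagged in an IMAP proxy or in logged traffic. The following is an added example, not code from MailEnable or Secunia; the length limits are assumed policy values, since the article gives no overflow length, and the sample lines are constructed.

```python
import re

# Assumed thresholds: the article states no lengths, so these are policy values.
MAX_MAILBOX_ARG = 255   # longest SELECT/EXAMINE mailbox argument tolerated
MIN_WILDCARD_RUN = 32   # what this filter treats as "a large number" of * and ?

# IMAP command line: <tag> <command> <argument>
_CMD = re.compile(rb"^(\S+) +([A-Za-z]+) +(.*?)\r?\n?$", re.DOTALL)
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")  # {n} announces an n-byte literal


def mailbox_arg_length(arg: bytes) -> int:
    """Length of the mailbox argument, honouring quoted strings and literals."""
    m = _LITERAL.match(arg)
    if m:
        return int(m.group(1))  # size the client says it will send next
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        arg = arg[1:-1]
    return len(arg)


def check_line(line: bytes):
    """Return a finding string for a suspicious command line, else None."""
    m = _CMD.match(line)
    if not m:
        return None
    command, arg = m.group(2).upper(), m.group(3).strip()
    if command in (b"SELECT", b"EXAMINE"):
        if mailbox_arg_length(arg) > MAX_MAILBOX_ARG:
            return "over-long %s argument" % command.decode()
    elif command == b"DELETE":
        body = arg.strip(b'"')
        if len(body) >= MIN_WILDCARD_RUN and not body.strip(b"*?"):
            return "DELETE argument of wildcards only"
    return None


def scan(lines):
    """Return (index, finding) for every flagged line."""
    results = [(i, check_line(line)) for i, line in enumerate(lines)]
    return [(i, f) for i, f in results if f]


# Constructed sample traffic (not captured from a real server).
SAMPLE = [
    b'a1 SELECT "INBOX"\r\n',
    b"a2 EXAMINE " + b"A" * 1000 + b"\r\n",
    b"a3 SELECT {4096}\r\n",
    b"a4 DELETE " + b"*?" * 40 + b"\r\n",
    b"a5 DELETE Drafts\r\n",
]
```

Because all three issues require a logged-on user, findings are most useful when correlated with the authenticated account on the same connection.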

(trk)

Permalink: http://h-online.com/-731906

