Patch for mail server MailEnable
MailEnable has closed a hole in its eponymous mail server that attackers were able to use to execute arbitrary code on a system. The flaw is the result of a buffer overflow in the IMAP service that can occur during the processing of APPEND commands. Attackers have to have a valid account because this command is only available after authentication. MailEnable Enterprise Edition 1.x, 2.x and MailEnable Professional 1.x and 2.x were affected. A hot fix can now be downloaded and should be installed as quickly as possible because an exploit for the hole is already in circulation.
- IMAP Critical Hotfix/Update, MailEnable's description
(ehe)