TITLE:
MailEnable Multiple IMAP Command Vulnerabilities

SECUNIA ADVISORY ID:
SA18134

VERIFY ADVISORY:
http://secunia.com/advisories/18134/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
MailEnable Enterprise Edition 1.x
http://secunia.com/product/4325/
MailEnable Professional 1.x
http://secunia.com/product/3474/

DESCRIPTION:
Tim Shelton has reported some vulnerabilities in MailEnable, which
can be exploited by malicious users to cause a DoS (Denial of
Service) and to compromise a vulnerable system.

The vulnerabilities are caused due to errors in the handling of
arguments passed to certain IMAP commands (e.g. "UID FETCH", "LIST"
and "LSUB"). This can be exploited by an authenticated user to cause
a DoS via malformed arguments or to cause a stack-based buffer
overflow via an overly long argument.

The vulnerabilities have been reported in the following products:
* MailEnable Professional version 1.71 and prior.
* MailEnable Enterprise version 1.1 and prior.

The vulnerability in the "UID FETCH" command has been confirmed in
MailEnable Enterprise version 1.1 with ME-10009 applied.

Note: The vulnerability in some commands may have been fixed in an
earlier update.

SOLUTION:
Apply cumulative update (ME-10010):
http://www.mailenable.com/hotfix/ME-10010.EXE

PROVIDED AND/OR DISCOVERED BY:
Tim Shelton

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040388.html
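
One way to screen IMAP client command lines for the two conditions the DESCRIPTION names (malformed or overly long arguments to "UID FETCH", "LIST" and "LSUB"), as an added example that is not part of the Secunia advisory or of MailEnable. The 512-character limit, the treatment of unbalanced quotes or lists as "malformed", the one-command-per-line input format and the sample lines are all assumptions made for illustration.

```python
import re

# Commands named in the advisory. The advisory gives no triggering length and
# no definition of "malformed"; both checks below are assumed policy.
WATCHED = {"UID FETCH", "LIST", "LSUB"}
_CMD = re.compile(r"^(\S+) (UID \S+|\S+)(?: (.*))?$", re.I | re.S)

def split_args(args):
    """Split on spaces outside quotes/lists; second value is False if unbalanced."""
    tokens, cur, depth, quoted, esc = [], "", 0, False, False
    for ch in args:
        if esc:                      # character after a backslash inside quotes
            esc = False
        elif quoted:
            esc, quoted = ch == "\\", ch != '"'
        elif ch == '"':
            quoted = True
        elif ch in "()":             # parenthesised lists may nest
            depth += 1 if ch == "(" else -1
        elif ch == " " and depth == 0:
            tokens.append(cur)
            cur = ""
            continue
        cur += ch
    return [t for t in tokens + [cur] if t], depth == 0 and not quoted

def audit(lines, max_len=512):
    """Return (line_no, command, reason) for watched commands worth reviewing."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = _CMD.match(line.rstrip("\r\n"))
        if not m or m[2].upper() not in WATCHED:
            continue
        tokens, balanced = split_args(m[3] or "")
        if not balanced:
            findings.append((no, m[2].upper(), "unterminated quote or list"))
        longest = max(map(len, tokens), default=0)
        if longest > max_len:
            findings.append((no, m[2].upper(), f"argument of {longest} characters"))
    return findings

SAMPLE = [  # constructed client command lines, not captured traffic
    'a1 LOGIN alice secret', 'a2 LIST "" "*"', 'a3 UID FETCH 1:* (FLAGS)',
    'a4 LSUB "" ' + "A" * 2000, 'a5 LIST "" "INBOX', 'a6 NOOP',
]
```

Run over SAMPLE, audit() reports lines 4 and 5 only; IMAP literals ({n} followed by raw bytes) are not parsed and would need separate handling.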