Technical Description

Two vulnerabilities were identified in MailEnable, which could be exploited by attackers to execute arbitrary commands or create and rename arbitrary directories.

The first issue is due to stack overflow errors in the IMAP service (MEIMAPS.EXE) that does not properly handle specially crafted mailbox names passed to "select", "create", "delete", "rename", "subscribe" and "unsubscribe" commands, which could be exploited by authenticated attackers to compromise a vulnerable server.

The second vulnerability is due to an input validation error in the IMAP service (MEIMAP.EXE) that does not properly handle specially crafted mailbox names passed to the "create" and "rename" commands, which may be exploited by authenticated attackers to create or rename arbitrary directories.

Affected Products

MailEnable Professional version 1.6 and prior
MailEnable Enterprise version 1.1 and prior

Solution

Upgrade to MailEnable Professional Edition version 1.7 :
http://www.mailenable.com/download.asp
Or apply cumulative hotfix (ME-10008) :
http://www.mailenable.com/hotfix/ME-10008.EXE

References

http://www.vupen.com/english/advisories/2005/2484
http://secunia.com/secunia_research/2005-59/advisory/

Credits

Vulnerabilities reported by Tan Chew Keong (Secunia Research)

ChangeLog

2005-11-18 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.