CVE-2006-0448

Name of the Vulnerable Software and Affected Versions E-Post Mail versions 4.05 SPA-PRO Mail versions 4.05

Description The issue allows remote attackers to list arbitrary directories, cause a denial of service, or create arbitrary files. This can be achieved via the LIST command, or through the APPEND, COPY, or RENAME commands.

Recommendations For E-Post Mail version 4.05, consider restricting access to the IMAP service until a fix is available. For SPA-PRO Mail version 4.05, avoid using the vulnerable EPSTIMAP4S.EXE and SPA-IMAP4S.EXE executables in the IMAP service until the issue is resolved. As a temporary workaround, consider disabling the LIST, APPEND, COPY, and RENAME commands in the IMAP service for both E-Post Mail and SPA-PRO Mail versions 4.05.