PT-2006-6920 · Mailenable · Mailenable Professional+1

Published 2006-12-05 · Updated 2019-10-03 · CVE-2006-6291

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MailEnable Professional versions 1.6 through 1.83
MailEnable Professional versions 2.0 through 2.33
MailEnable Enterprise versions 1.1 through 1.40
MailEnable Enterprise versions 2.0 through 2.33

Description

A stack overflow in the IMAP module can be triggered by remote authenticated users who send the DELETE command a long argument containing * (asterisk) and ? (question mark) characters. The result is a denial of service: the system crashes.

Recommendations

For MailEnable Professional versions 1.6 through 1.83, apply the ME-10020 hotfix.
For MailEnable Professional versions 2.0 through 2.33, apply the ME-10020 hotfix.
For MailEnable Enterprise versions 1.1 through 1.40, apply the ME-10020 hotfix.
For MailEnable Enterprise versions 2.0 through 2.33, apply the ME-10020 hotfix.
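
For servers that cannot be patched immediately, the trigger in the description can be watched for in captured IMAP client commands. The following is an added detection example, not part of the advisory or of MailEnable; the length threshold, the function names and the sample lines are assumptions, and the command grammar is the one in RFC 3501.

```python
import re

# Assumption: the advisory gives no trigger length; 256 is a hypothetical threshold to tune.
MAX_MAILBOX_LEN = 256
WILDCARDS = set("*?")  # the two characters named in the advisory

# RFC 3501 client command: <tag> SP DELETE SP <mailbox>, where the mailbox is an
# atom, a quoted string, or a literal announced as {size} and sent on the next line.
DELETE_RE = re.compile(r'^\S+ +DELETE +("(?:[^"\\]|\\.)*"|\S+)\s*$', re.IGNORECASE)
LITERAL_RE = re.compile(r'^\{(\d+)\+?\}$')

def inspect_delete(line, max_len=MAX_MAILBOX_LEN):
    """Return (verdict, argument_length) for a DELETE command line, else None."""
    m = DELETE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    arg = m.group(1)
    lit = LITERAL_RE.match(arg)
    if lit:
        # Literal: only the declared size is visible on this line.
        length, wild = int(lit.group(1)), None
    else:
        if arg.startswith('"'):
            arg = re.sub(r'\\(.)', r'\1', arg[1:-1])  # strip quotes, unescape
        length, wild = len(arg), bool(WILDCARDS & set(arg))
    if length > max_len and wild is not False:
        return "alert", length   # long, and wildcards present or not ruled out
    if length > max_len or wild:
        return "review", length  # DELETE takes a mailbox name, not a pattern
    return "ok", length

def scan(lines):
    """Return [(line_number, verdict, length)] for every non-ok DELETE."""
    found = ((n, inspect_delete(l)) for n, l in enumerate(lines, 1))
    return [(n, *r) for n, r in found if r and r[0] != "ok"]

# Constructed sample of client-to-server IMAP lines (not taken from a real log).
SAMPLE = [
    'a001 SELECT INBOX',
    'a002 DELETE "Old Mail"',
    'a003 delete ' + '*?' * 200,
    'a004 DELETE {5000}',
    'a005 DELETE proj*',
    'a006 DELETE ' + 'A' * 400,
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

An oversized literal is treated as an alert because its content is not visible on the command line, so wildcards cannot be ruled out from that line alone.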

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2006-6291

Affected Products

Mailenable Enterprise
Mailenable Professional