PT-2004-3393 · Mailenable · Mailenable Enterprise Edition+1

Nima Majidi

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2501

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MailEnable Professional Edition version 1.52 MailEnable Enterprise Edition version 1.01

Description The issue is related to a buffer overflow in the IMAP service, which can be exploited by remote attackers to execute arbitrary code. This can be achieved by sending either a long command string or a long string to the MEIMAP service and then terminating the connection.

Recommendations For MailEnable Professional Edition version 1.52, update to a version that fixes the buffer overflow issue in the IMAP service. For MailEnable Enterprise Edition version 1.01, update to a version that fixes the buffer overflow issue in the IMAP service. As a temporary workaround, consider restricting access to the IMAP service to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2501

Affected Products

Mailenable Enterprise Edition

Mailenable Professional Edition

PT-2004-3393 · Mailenable · Mailenable Enterprise Edition+1

CVE-2004-2501

Related Identifiers

Affected Products

References · 11