CVE-2005-4457

Name of the Vulnerable Software and Affected Versions MailEnable Enterprise versions 1.1 and prior MailEnable Professional versions 1.71 and prior

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. It is also caused by errors in handling arguments passed to certain IMAP commands, such as UID FETCH, LIST, and LSUB. This can be exploited by an authenticated user to cause a DoS via malformed arguments or to cause a stack-based buffer overflow via an overly long argument.

Recommendations For MailEnable Enterprise version 1.1, apply patch ME-10009 to resolve the issue. For MailEnable Enterprise versions prior to 1.1, update to version 1.1 and apply patch ME-10009. For MailEnable Professional version 1.71 and prior, update to a version later than 1.71. As a temporary workaround, consider restricting access to the UID FETCH, LIST, and LSUB IMAP commands until a patch is available.