PT-2006-6919 · Mailenable · Mailenable Professional+1

Published: 2006-12-05 · Updated: 2018-10-17 · CVE-2006-6290

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MailEnable Professional versions 1.6 through 1.82
MailEnable Professional versions 2.0 through 2.33
MailEnable Enterprise versions 1.1 through 1.30
MailEnable Enterprise versions 2.0 through 2.33

Description

The issue is related to multiple stack-based buffer overflows in the IMAP module, which can be exploited by remote authenticated users. This can lead to a denial of service (crash) or possibly allow the execution of arbitrary code. The exploitation occurs via a long argument to specific commands, including the EXAMINE or SELECT command.

Recommendations

For MailEnable Professional versions 1.6 through 1.82, update to a version outside of this range to resolve the issue.
For MailEnable Professional versions 2.0 through 2.33, update to a version outside of this range to resolve the issue.
For MailEnable Enterprise versions 1.1 through 1.30, update to a version outside of this range to resolve the issue.
For MailEnable Enterprise versions 2.0 through 2.33, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting access to the IMAP module or limiting the length of arguments to the EXAMINE and SELECT commands until a patch is available.
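The workaround above mentions limiting the length of arguments to EXAMINE and SELECT. As an added example (not part of the advisory and not MailEnable code), the following Python check parses logged IMAP client commands and flags SELECT/EXAMINE mailbox arguments over a length limit, covering atom, quoted-string and literal forms. The limit of 255, the function names and the sample lines are assumptions; the advisory states no length.

```python
import re

# Assumed policy limit: the advisory gives no overflow length, so this value
# is a local choice for illustration only.
MAX_MAILBOX_LEN = 255
# Only the two commands the advisory names; it says others are affected
# but does not list them.
WATCHED = {"SELECT", "EXAMINE"}

_CMD = re.compile(r"^(?P<tag>\S+) (?P<cmd>[A-Za-z]+)(?: (?P<rest>.*))?$", re.S)
_LITERAL = re.compile(r"^\{(\d+)\+?\}$")


def mailbox_arg_length(line):
    """Return (command, argument length) for SELECT/EXAMINE, else None."""
    m = _CMD.match(line.rstrip("\r\n"))
    if not m or m.group("cmd").upper() not in WATCHED:
        return None
    cmd, rest = m.group("cmd").upper(), m.group("rest") or ""
    lit = _LITERAL.match(rest)
    if lit:  # literal form: {N} announces N octets on the following line
        return cmd, int(lit.group(1))
    if rest.startswith('"'):  # quoted string: count content, honour escapes
        count, i = 0, 1
        while i < len(rest) and rest[i] != '"':
            i += 2 if rest[i] == "\\" else 1
            count += 1
        return cmd, count
    return cmd, len(rest.split(" ", 1)[0])  # bare atom


def flag_long_mailbox_args(lines, limit=MAX_MAILBOX_LEN):
    """Return (line number, command, length) for each over-limit argument."""
    hits = []
    for n, line in enumerate(lines, 1):
        parsed = mailbox_arg_length(line)
        if parsed and parsed[1] > limit:
            hits.append((n, parsed[0], parsed[1]))
    return hits


# Constructed sample client commands, not taken from a real capture.
SAMPLE = [
    "a001 LOGIN alice secret",
    "a002 SELECT INBOX",
    'a003 EXAMINE "Sent Items"',
    "a004 select " + "A" * 1200,
    'a005 EXAMINE "' + "B" * 900 + '"',
    "a006 SELECT {4096}",
]
```

The same check can be applied per line at an IMAP-aware proxy or over server command logs; the literal case matters because the declared size arrives before the data does.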

Fix


Related Identifiers

CVE-2006-6290

Affected Products

Mailenable Enterprise
Mailenable Professional