PT-2006-6920 · Mailenable · Mailenable Professional+1
Published: 2006-12-05 · Updated: 2019-10-03 · CVE-2006-6291
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
MailEnable Professional versions 1.6 through 1.83
MailEnable Professional versions 2.0 through 2.33
MailEnable Enterprise versions 1.1 through 1.40
MailEnable Enterprise versions 2.0 through 2.33
Description
The issue is a stack overflow in the IMAP module that remote authenticated users can trigger by sending a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command. The result is a denial of service, causing the system to crash.
Recommendations
For MailEnable Professional versions 1.6 through 1.83, apply the ME-10020 hotfix.
For MailEnable Professional versions 2.0 through 2.33, apply the ME-10020 hotfix.
For MailEnable Enterprise versions 1.1 through 1.40, apply the ME-10020 hotfix.
For MailEnable Enterprise versions 2.0 through 2.33, apply the ME-10020 hotfix.
Fix
DoS
Buffer Overflow
Affected Products
Mailenable Enterprise
Mailenable Professional