PT-2006-7032 · Mailenable · Mailenable Enterprise Edition+1

Jj Reyes · Published 2006-12-12 · Updated 2018-10-17 · CVE-2006-6423

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MailEnable Professional Edition versions 1.6 through 1.84
MailEnable Professional Edition versions 2.0 through 2.35
MailEnable Enterprise Edition versions 1.1 through 1.41

Description

The issue is a stack-based buffer overflow in the IMAP service, allowing remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string.

Recommendations

For MailEnable Professional Edition versions 1.6 through 1.84, apply the ME-10025 hotfix.
For MailEnable Professional Edition versions 2.0 through 2.35, apply the ME-10025 hotfix.
For MailEnable Enterprise Edition versions 1.1 through 1.41, apply the ME-10025 hotfix.

Exploit

Fix

Related Identifiers

CVE-2006-6423

Affected Products

Mailenable Enterprise Edition
Mailenable Professional Edition