PT-2008-2868 · Mailenable · Mailenable Enterprise Edition+1
Luigi Auriemma
·
Published
2008-03-10
·
Updated
2018-10-11
·
CVE-2008-1276
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MailEnable Professional Edition versions 3.13 and earlier
MailEnable Enterprise Edition versions 3.13 and earlier
Description
The issue is related to multiple buffer overflows in the IMAP service, which can be exploited by remote authenticated attackers to execute arbitrary code. This can be achieved by providing long arguments to specific commands, including the
FETCH, EXAMINE, and UNSUBSCRIBE commands.Recommendations
For MailEnable Professional Edition versions 3.13 and earlier, update to a version later than 3.13 to resolve the issue.
For MailEnable Enterprise Edition versions 3.13 and earlier, update to a version later than 3.13 to resolve the issue.
As a temporary workaround, consider restricting access to the IMAP service or limiting the length of arguments to the
FETCH, EXAMINE, and UNSUBSCRIBE commands until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailenable Enterprise Edition
Mailenable Professional Edition