[Full-disclosure] [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7
From: Security Advisories (Security-Advisoriesacs-inc.com)
Date: Tue Dec 20 2005 - 03:28:56 CST
Re: See-Security Research and Development
"A remote buffer overflow exists in MailEnable Enterprise 1.1 IMAP EXAMINE
command, which allows for post authentication code execution. This
vulnerability affects Mailenable Enterprise 1.1 *without* the ME-10009.EXE
-- There's a reason why the ME-10009 patch was released. You're welcome!
ACS Security Assessment Advisory - Buffer Overflow
ID: ACSSEC-2005-11-27 - 0x2
Class: Buffer Overflow
Package: MailEnable Enterprise Edition version 1.1
MailEnable Professional version 1.7
Build: Windows NT/2k/XP/2k3
Reported: Dec 01, 2005
Released: Dec 21, 2005
Credit: Tim Shelton <security-advisoriesacs-inc.com>
MailEnable's mail server software provides a powerful, scalable
hosted messaging platform for Microsoft Windows. MailEnable
offers stability, unsurpassed flexibility and an extensive
feature set which allows you to provide cost-effective mail
-=[ Technical Description
Multiple vulnerabilities have been identified in MailEnable,
which may be exploited by remote attackers to cause a denial
of service, or could lead to remote execution of code. This
issue is due to an error in the IMAP service that does not
properly handle specially crafted requests.
-=[ Proof of Concepts
IMAP REQUEST: '02 LIST /.:/' + Ax5000
IMAP REQUEST: '02 LSUB' /.:/ ('A' x 5000) request
IMAP REQUEST: '02 UID FETCH /.:/' AX5000 ' FLAGS'
IMAP REQUEST: '02 UID FETCH /...'x5 ' FLAGS'
IMAP REQUEST: '02 UID FETCH '/\'x5000 '
Several others exist and all have been reported to the vendor.
According to Peter Fregon of MailEnable Pty. Ltd, these advisories have been
patched in the latest ME-10009 Patch. Any further questions should be
directed towards the vendor.
Vulnerability originally reported by Tim Shelton
-=[ Similar References
2005-11-27 : Original Advisory
2005-12-01 : Notified Vendor
2005-12-03 : Vendor Response
2005-12-21 : Full Disclosure
-=[ Vendor Response
Sat 12/3/2005 1:41 AM
Thanks for the information. We have posted a hotfix for this at the
We will also be updating our installation kits with this hotfix shortly.
MailEnable Pty. Ltd.
Friday, 2 December 2005 03:02
Below is an internal advisory notification for MailEnable Enterprise Edition
version 1.1 and possibly others. Attached is our Ethical Disclosure
Policy. If you have any further questions, please do not hesitate to
ACS Security Assessment Engineering
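Added example, not part of the advisory and not ACS or MailEnable code: a Python check that a log monitor or IMAP proxy could run over client command lines to flag oversized arguments to the commands named above (LIST, LSUB, UID FETCH, EXAMINE), including arguments announced as IMAP literals. The 255-character limit, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Commands named in the advisory (EXAMINE comes from the quoted notice).
WATCHED = {"LIST", "LSUB", "EXAMINE", "UID FETCH"}
MAX_ARG_LEN = 255  # assumed site policy, not a MailEnable limit

# One argument: a quoted string or a run of non-space characters.
ARG_RE = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
# IMAP literal announcement {n} or {n+}: n more bytes follow the line.
LITERAL_RE = re.compile(r'\{(\d+)\+?\}')


def inspect_command(line):
    """Return findings for one client-to-server IMAP command line."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2:
        return []
    command = parts[1].upper()
    rest = parts[2] if len(parts) > 2 else ""
    if command == "UID":  # the real command is the next word
        sub, _, rest = rest.partition(" ")
        command = "UID " + sub.upper()
    if command not in WATCHED:
        return []
    findings = []
    for arg in ARG_RE.findall(rest):
        literal = LITERAL_RE.fullmatch(arg)
        if literal and int(literal.group(1)) > MAX_ARG_LEN:
            findings.append(f"{command}: literal of {literal.group(1)} bytes announced")
        elif len(arg) > MAX_ARG_LEN:
            findings.append(f"{command}: argument length {len(arg)}")
    return findings


def scan(lines):
    """Map 1-based line number to findings, for lines that raised any."""
    hits = {}
    for number, line in enumerate(lines, 1):
        found = inspect_command(line)
        if found:
            hits[number] = found
    return hits


SAMPLE = [  # constructed lines, not captured traffic
    'a1 LOGIN user pass',
    'a2 LIST "" "*"',
    'a3 LIST "" ' + "x" * 600,
    'a4 UID FETCH 1:* FLAGS',
    'a5 EXAMINE {4096}',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE).items():
        print(number, found)
```

A check like this complements the ME-10009 patch on hosts that cannot be updated immediately; it does not replace it.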