Plugin ID | 333 |
Plugin name | MailEnable prior 1.52 IMAP service buffer overflows |
Plugin filename | MailEnable prior 1.52 IMAP service buffer overflows.plugin |
Plugin filesize | 2784 bytes |
Plugin family | SMTP |
Plugin created name | Marc Ruef |
Plugin created email | marc.ruef at computec.ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2005/01/09 |
Plugin version | 1.0 |
Plugin protocol | tcp |
Plugin port | 143 |
Plugin procedure detection | open|sleep|close|pattern_exists *Mail*Enable* Service*1.[0-4].* OR *Mail*Enable* Service*1.5.[0-2]* |
Plugin detection accuracy | 80 |
Plugin comment | The NASL script is Copyright (C) 2004 George A. Theall |
Bug produced web | http://www.mailenable.com |
Bug affected | MailEnable prior 1.52 |
Bug not affected | MailEnable prior 1.52 with patch, newer versions or other servers |
Bug vulnerability class | Buffer Overflow |
Bug description | The target is running at least one instance of MailEnable's IMAP service. Two flaws exist in MailEnable Professional Edition 1.52 and earlier as well as MailEnable Enterprise Edition 1.01 and earlier - a stack-based buffer overflow and an object pointer overwrite. A remote attacker can use either vulnerability to execute arbitrary code on the target. More information is available at: http://www.hat-squad.com/en/000102.html |
Bug solution | Apply the IMAP hotfix dated 25 November 2004 and found at http://www.mailenable.com/hotfix/default.asp |
Bug fixing time | Approx. 20 minutes |
Bug exploit availability | Maybe |
Bug exploit url | http://www.securityfocus.com/bid/11755/exploit/ |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 7 |
Bug simplicity | 6 |
Bug impact | 9 |
Bug risk | 8 |
Bug Nessus risk | High |
Bug check tools | Nessus can check this flaw with the plugin 15852 (MailEnable IMAP Service Remote Buffer Overflows). |
Source SecurityFocus BID | 11755 |
Source OSVDB ID | 12135 |
Source Nessus ID | 15852 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.hat-squad.com/en/000102.html |