MailEnable IMAP Service多个远程Pre-Authentication缓冲区溢出漏洞-一一网

漏洞信息详情

MailEnable IMAP Service多个远程Pre-Authentication缓冲区溢出漏洞

CNNVD编号：CNNVD-200412-1125

危害等级：高危
CVE编号：
CVE-2004-2501
漏洞类型：

缓冲区溢出
发布时间：

2004-12-31
威胁类型：

远程
更新时间：

2007-07-24
厂商：

mailenable
漏洞来源：
Discovery of this …

漏洞简介

MailEnable Professional Edition 1.52和Enterprise Edition 1.01版本的IMAP service存在缓冲区溢出漏洞。远程攻击者借助（1）超长命令字符串或者（2）MEIMAP service的超长字符串执行任意代码然后终止连接。

漏洞公告

It is reported that the vendor has released a fix for this vulnerability. This fix does not appear to be available at the time of writing. Reports indicate that the fix will be available at the following location:
http://mailenable.com/hotfix.asp
Customers are advised to contact the vendor for further details in regards to obtaining and applying appropriate updates
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

参考网址

来源: BID
名称: 11755
链接:http://www.securityfocus.com/bid/11755

来源: www.hat-squad.com
链接:http://www.hat-squad.com/en/000102.html

来源: SECTRACK
名称: 1012327
链接:http://securitytracker.com/id?1012327

来源: SECUNIA
名称: 13318
链接:http://secunia.com/advisories/13318

来源: BUGTRAQ
名称: 20041125 Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory]
链接:http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html

来源: XF
名称: mailenable-imap-code-execution(18286)
链接:http://xforce.iss.net/xforce/xfdb/18286

来源: XF
名称: mailenable-imap-bo(18285)
链接:http://xforce.iss.net/xforce/xfdb/18285

来源: OSVDB
名称: 12136
链接:http://www.osvdb.org/12136

来源: OSVDB
名称: 12135
链接:http://www.osvdb.org/12135