1. CVE-Search
  2. CVE-2006-6423
ID CVE-2006-6423
Summary Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
References
Vulnerable Configurations
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.24:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.25:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.27:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.28:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.29:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.31:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.31:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.32:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.32:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.33:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.33:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.34:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.34:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.35:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.36:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.36:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.37:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.37:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.38:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.38:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.39:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.39:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.40:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.40:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.41:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.41:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.35:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21492
bugtraq 20061211 Secunia Research: MailEnable IMAP Service Buffer OverflowVulnerability
confirm http://www.mailenable.com/hotfix/
misc http://secunia.com/secunia_research/2006-73/advisory/
secunia 23201
sreason 2022
xf mailenable-bounds-imap-bo(30796)
Last major update 17-10-2018 - 21:48
Published 12-12-2006 - 02:28
Last modified 17-10-2018 - 21:48
Back to Top