製品・ソフトウェアに関する情報

JVN脆弱性詳細

MailEnable Professional などの IMAP サービスにおけるスタックベースのバッファオーバーフローの脆弱性

Title	MailEnable Professional などの IMAP サービスにおけるスタックベースのバッファオーバーフローの脆弱性
Summary	MailEnable Professional および Enterprise 用の IMAP サービスには、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、ME-10025 hotfix で対応されたように、巧妙に細工されたパラメータおよび過度に長い文字の前の事前認証コマンドを介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 11, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

MailEnable

MailEnable Enterprise 2.0 から 2.35、および 1.1 から 1.41

mailenable professional 1.6 から 1.84

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6423	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6423
National Vulnerability Database (NVD)
2	CVE-2006-6423	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6423

ベンダー情報

No	Name	URL
MailEnable
1	Hot Fixes	http://www.mailenable.com/hotfix/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-6423

Summary	Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
Summary	Desbordamiento de búfer basado en pila en el servicio IMAP para MailEnable Professional y Enterprise Edition 2.0 hasta 2.35, Professional Edition 1.6 hasta 1.84, y Enterprise Edition 1.1 hasta 1.41 permite a atacantes remotos ejecutar código de su elección mediante un comando de pre-autenticación seguido de un parámetro manipulado y una cadena larga como se indica en la actualización rápida (hotfix) ME-10025
Publication Date	Dec. 12, 2006, 11:28 a.m.
Registration Date	Jan. 29, 2021, 3:51 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mailenable:mailenable_enterprise:1.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.31:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.32:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.33:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.34:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.35:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.36:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.37:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.38:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.39:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.40:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.41:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.35:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.84:::::::*

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/23201	PSIRT-CNA@flexerasoftware.com
2	http://secunia.com/secunia_research/2006-73/advisory/	PSIRT-CNA@flexerasoftware.com
3	http://securityreason.com/securityalert/2022	PSIRT-CNA@flexerasoftware.com
4	http://www.mailenable.com/hotfix/	PSIRT-CNA@flexerasoftware.com
5	http://www.securityfocus.com/archive/1/454075/100/0/threaded	PSIRT-CNA@flexerasoftware.com
6	http://www.securityfocus.com/bid/21492	PSIRT-CNA@flexerasoftware.com
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/30796	PSIRT-CNA@flexerasoftware.com
8	http://secunia.com/advisories/23201	af854a3a-2127-422b-91ae-364da2661108
9	http://secunia.com/secunia_research/2006-73/advisory/	af854a3a-2127-422b-91ae-364da2661108
10	http://securityreason.com/securityalert/2022	af854a3a-2127-422b-91ae-364da2661108
11	http://www.mailenable.com/hotfix/	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/archive/1/454075/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/bid/21492	af854a3a-2127-422b-91ae-364da2661108
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/30796	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mailenable:mailenable_enterprise:1.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.31:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.32:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.33:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.34:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.35:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.36:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.37:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.38:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.39:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.40:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.41:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.35:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.84:::::::*