NVD Vulnerability Detail

CVE-2006-6290

Summary	Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.
Publication Date	Dec. 5, 2006, 8:28 p.m.
Registration Date	Jan. 29, 2021, 3:51 p.m.
Last Update	Oct. 18, 2018, 6:47 a.m.

CVSS2.0 : MEDIUM
Score	6.5
Vector	AV:N/AC:L/Au:S/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	はい
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mailenable:mailenable_enterprise:1.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.0:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.01:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.03:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.04:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.05:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.06:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.07:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.08:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.09:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.31:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.32:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.33:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.6:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.82:::::::*
cpe:2.3:a:mailenable:mailenable_professional:2.0:::::::*
cpe:2.3:a:mailenable:mailenable_professional:2.33:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/23047	SECUNIA
2	http://secunia.com/advisories/23080	SECUNIA
3	http://secunia.com/secunia_research/2006-71/advisory/	MISC	Patch Vendor Advisory
4	http://securitytracker.com/id?1017276	SECTRACK
5	http://securitytracker.com/id?1017319	SECTRACK
6	http://www.mailenable.com/hotfix/	CONFIRM	Patch
7	http://www.securityfocus.com/archive/1/453118/100/100/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/21362	BID
9	http://www.vupen.com/english/advisories/2006/4673	VUPEN
10	http://www.vupen.com/english/advisories/2006/4778	VUPEN
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/30614	XF

Common Vulnerabilities List

JVN Vulnerability Information

MailEnable の IMAP モジュールにおけるスタックベースバッファオーバーフローの脆弱性

Title	MailEnable の IMAP モジュールにおけるスタックベースバッファオーバーフローの脆弱性
Summary	MailEnable Professional および MailEnable Enterprise の IMAP モジュール (MEIMAPS.EXE) には、スタックベースバッファオーバーフローの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、(1) EXAMINE または (2) SELECT コマンドへの過度に長い引数を介して、サービスの運用妨害 (クラッシュ) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 5, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

Affected System

MailEnable

MailEnable Enterprise 1.1 から 1.30、および 2.0 から 2.33

mailenable professional 1.6 から 1.82、および 2.0 から 2.33

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6290	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6290
National Vulnerability Database (NVD)
2	CVE-2006-6290	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6290

ベンダー情報

No	Name	URL
MailEnable
1	Hot Fixes	http://www.mailenable.com/hotfix/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mailenable:mailenable_enterprise:1.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:1.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.0:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.01:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.1:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.2:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.03:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.04:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.05:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.06:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.07:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.08:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.09:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.11:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.12:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.13:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.14:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.15:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.16:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.17:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.18:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.19:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.21:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.22:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.23:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.24:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.25:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.26:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.27:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.28:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.29:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.30:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.31:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.32:::::::*
cpe:2.3:a:mailenable:mailenable_enterprise:2.33:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.6:::::::*
cpe:2.3:a:mailenable:mailenable_professional:1.82:::::::*
cpe:2.3:a:mailenable:mailenable_professional:2.0:::::::*
cpe:2.3:a:mailenable:mailenable_professional:2.33:::::::*