Intrusion Prevention

IMAP.Commands.NULL.Pointer.DoS

Description

This indicates an attempt to exploit a Null pointer vulnerability in the IMAP service in MAilEnable.
The vulnerability can be exploited by omission of the required arguments to IMAP commands like SEARCH and APPEND, causing an application crash. As a result an attacker can cause a denial of service, preventing the IMAP server from responding to legitimate users. This can be done by sending a malicious IMAP command string. Note that in some cases this does not require valid credentials.

Affected Products

MailEnable 3.13 and earlier.

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade your IMAP service software to the latest version.
http://www.mailenable.com/hotfix/default.asp

CVE References

CVE-2008-1277 CVE-2008-1276