MailEnable IMAP / SMTP Multiple Remote Vulnerabilities

critical Nessus Plugin ID 17974

Synopsis

The remote mail server is affected by multiple issues.

Description

The remote host is running a version of MailEnable Professional or MailEnable Enterprise Edition that is prone to the following vulnerabilities:

- An IMAP Authenticate Request Buffer Overflow Vulnerability: Sending an AUTHENTICATE or LOGIN command with an argument of 1016 characters or more overflows a stack-based buffer. An attacker can leverage this flaw to overwrite sensitive program control variables and thereby control execution flow of the server process.

- An SMTP Malformed EHLO Request Denial Of Service Vulnerability: The SMTP service does not properly handle malformed EHLO commands and may crash when it encounters an argument containing the character 0x99. A remote attacker could use this flaw to crash the SMTP service, thereby denying service to legitimate users.

Solution

Apply the IMAP and SMTP hotfix from 4th April 2005. Note that the hotfix does not fix the overflow involving an oversize LOGIN command.

See Also

https://seclists.org/bugtraq/2005/Apr/76

https://seclists.org/fulldisclosure/2005/Apr/104

http://www.mailenable.com/hotfix/

Plugin Details

Severity: Critical

ID: 17974

File Name: mailenable_smtp_and_imap_vulns.nasl

Version: 1.20

Type: remote

Agent: windows

Family: Windows

Published: 4/6/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Excluded KB Items: imap/false_imap, imap/overflow

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/4/2005

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-1013, CVE-2005-1014, CVE-2005-1015

BID: 12994, 12995, 13040