MailEnable POP3 Server APOP Command Remote Buffer Overflow

Critical | Nessus Plugin ID 21139

Synopsis

The remote POP3 server is affected by a buffer overflow flaw.

Description

The remote host is running MailEnable, a commercial mail server for Windows.

The POP3 server bundled with the version of MailEnable on the remote host has a buffer overflow flaw in its handling of the APOP command. A remote, unauthenticated attacker can exploit this flaw to crash the affected service and possibly to execute code remotely.

Solution

Apply the ME-10012 hotfix or upgrade to MailEnable Standard Edition 1.94 / Professional Edition 1.74 / Enterprise Edition 1.22 or later.

See Also

https://www.mailenable.com/forum/viewtopic.php?t=9845

http://www.mailenable.com/hotfix/default.aspx

Plugin Details

Severity: Critical

ID: 21139

File Name: mailenable_pop_apop_overflow.nasl

Version: 1.14

Type: remote

Agent: windows

Family: Windows

Published: 3/23/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Vulnerability Publication Date: 3/23/2006

Reference Information

CVE: CVE-2006-1792