Ability Mail Server < 2.70 IMAP4 FETCH DoS

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by a denial of service
vulnerability.

Description :

The remote host appears to be running Ability Mail Server.

According to its banner, the IMAP service component of the installed
version of Ability Mail Server fails to correctly parse FETCH
commands. By sending a specially crafted FETCH command, an attacker
may be able to exploit this vulnerability to crash the IMAP server.

See also :

http://www.code-crafters.com/abilitymailserver/updatelog.html

Solution :

Upgrade to Ability Mail Server version 2.70 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 41644 (ams_270.nasl)

Bugtraq ID: 36519

CVE ID: CVE-2009-3445