Ability Mail Server < 2.70 IMAP4 FETCH DoS

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by a denial of service
vulnerability.

Description :

The remote host appears to be running Ability Mail Server.

According to its banner, the IMAP service component of the installed
version of Ability Mail Server fails to correctly parse FETCH
commands. By sending a specially crafted FETCH command, an attacker
may be able to exploit this vulnerability to crash the IMAP server.

See also :

http://www.code-crafters.com/abilitymailserver/updatelog.html

Solution :

Upgrade to Ability Mail Server version 2.70 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 41644 (ams_270.nasl)

Bugtraq ID: 36519

CVE ID: CVE-2009-3445

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial