icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MailEnable IMAP Service Remote DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running a version of MailEnable's IMAP service that is prone to a remote Denial of Service (DoS) attack. Specifically, an attacker requesting a nonexistent mailbox can crash the service. An attacker exploiting this flaw would need to be able to authenticate with some valid user account. Following successful authentication, the attacker would request a nonexistent mailbox. Successful exploitation leads to a loss of availability.

Solution

Upgrade to MailEnable Professional 1.7.1 or higher or to MailEnable Enterprise Edition 1.2 or higher.