MailEnable IMAP Server SEARCH Command Remote DoS

This script is Copyright (C) 2004-2012 George A. Theall


Synopsis :

The remote mail server is affected by a remote denial of service
vulnerability.

Description :

The target is running at least one instance of MailEnable's IMAP
service. A flaw exists in MailEnable Professional Edition versions
1.5a through 1.5d that causes this service to crash if it receives a
SEARCH command. An authenticated user could send this command either
on purpose, as a denial of service attack, or unwittingly, since some
IMAP clients, such as IMP and Vmail, use it as part of the normal
login process.

See also :

http://www.mailenable.com/professionalhistory.asp

Solution :

Upgrade to MailEnable Professional 1.5e or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 15487 (mailenable_imap_search_dos.nasl)

Bugtraq ID: 11418

CVE ID: CVE-2004-2194
