Detections
Analytics

MailEnable Standard SMTP mailto: Request Format String

medium Nessus Plugin ID 17364

Language:

Synopsis

The remote SMTP server is afflicted by a format string vulnerability.

Description

The remote host is running a version of MailEnable Standard Edition that suffers from a format string vulnerability in its handling of SMTP commands. Specifically, a remote attacker can crash the SMTP daemon by sending a command with a format specifier as an argument. Due to the nature of the flaw, it is likely that an attacker can also be able to gain control of program execution and inject arbitrary code.

Solution

Apply the SMTP fix from 18th March 2005 located at http://www.mailenable.com/hotfix/

See Also

https://www.securityfocus.com/archive/1/393566

Plugin Details

Severity: Medium

ID: 17364

File Name: mailenable_smtp_cmd_format_strings.nasl

Version: 1.18

Type: remote

Published: 3/18/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/17/2005

Reference Information

CVE: CVE-2005-0804

BID: 12833