MailEnable IMAP Server EXAMINE Command Remote DoS

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote IMAP server is susceptible to denial of service attacks.

Description :

The remote host is running MailEnable, a commercial mail server for
Windows.

According to the version number in its banner, the IMAP server bundled
with the installation of MailEnable Professional on the remote host
may crash when handling certain EXAMINE commands. An authenticated
attacker may be able to leverage this issue to deny service to users
with a specially crafted EXAMINE command.

See also :

http://www.mailenable.com/professionalhistory.asp

Solution :

Upgrade to MailEnable Professional 1.72 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 20837 (mailenable_imap_172.nasl)

Bugtraq ID: 16457

CVE ID: CVE-2006-0503

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now