MailEnable IMAP Server EXAMINE Command Remote DoS

medium Nessus Plugin ID 20837

Synopsis

The remote IMAP server is susceptible to denial of service attacks.

Description

The remote host is running MailEnable, a commercial mail server for Windows.

According to the version number in its banner, the IMAP server bundled with the installation of MailEnable Professional on the remote host may crash when handling certain EXAMINE commands. An authenticated attacker may be able to leverage this issue, using a specially crafted EXAMINE command, to deny service to users.

Solution

Upgrade to MailEnable Professional 1.72 or later.

See Also

http://www.mailenable.com/professionalhistory.asp

Plugin Details

Severity: Medium

ID: 20837

File Name: mailenable_imap_172.nasl

Version: 1.18

Type: remote

Agent: windows

Family: Windows

Published: 2/2/2006

Updated: 7/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Excluded KB Items: imap/false_imap

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/1/2006

Reference Information

CVE: CVE-2006-0503

BID: 16457