MailEnable POP3 Server Authentication Vulnerabilities

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote POP3 server is affected by two authentication issues.

Description :

The remote host is running MailEnable, a commercial mail server for
Windows.

The POP3 server bundled with the version of MailEnable on the remote
host has a buffer overflow flaw involving authentication commands that
can be exploited remotely by an unauthenticated attacker to crash the
affected service and possibly to execute code remotely.

In addition, it reportedly has a cryptographic implementation mistake
that weakens authentication security.

See also :

http://seclists.org/fulldisclosure/2006/Mar/1286
http://www.mailenable.com/hotfix/default.asp

Solution :

Apply the ME-10011 hotfix or upgrade to MailEnable Standard Edition
1.93 / Professional Edition 1.73 / Enterprise Edition 1.21 or later

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 21117 (mailenable_pop_auth_flaws.nasl)

Bugtraq ID: 17162

CVE ID: CVE-2006-1337

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now