MailEnable POP3 Server APOP Command Remote Buffer Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote POP3 server is affected by a buffer overflow flaw.

Description :

The remote host is running MailEnable, a commercial mail server for
Windows.

The POP3 server bundled with the version of MailEnable on the remote
host has a buffer overflow flaw involving the APOP command that can be
exploited remotely by an unauthenticated attacker to crash the
affected service and possibly to execute code remotely.

See also :

http://forum.mailenable.com/viewtopic.php?t=9845
http://www.mailenable.com/hotfix/default.asp

Solution :

Apply the ME-10012 hotfix or upgrade to MailEnable Standard Edition
1.94 / Professional Edition 1.74 / Enterprise Edition 1.22 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 21139 (mailenable_pop_apop_overflow.nasl)

Bugtraq ID:

CVE ID: CVE-2006-1792

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now