hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by a denial of
service vulnerability.

Description :

The remote host is running hMailServer, a mail server for Windows.

By sending large amounts of data along with certain IMAP commands such
as 'CREATE' or 'RENAME', an authenticated user may be able to crash
the remote mail server.

See also :

http://www.securityfocus.com/archive/1/495361
http://www.hmailserver.com/documentation/?page=changelog

Solution :

Upgrade to hMailServer 4.4.2-B279 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33902 (hmailserver_remote_dos.nasl)

Bugtraq ID: 30663

CVE ID: CVE-2008-3676

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now