MailEnable IMAP Server SEARCH Command Remote DoS
Medium Nessus Plugin ID 15487
SynopsisThe remote mail server is affected by a remote denial of service vulnerability.
DescriptionThe target is running at least one instance of MailEnable's IMAP service. A flaw exists in MailEnable Professional Edition versions 1.5a-d that results in this service crashing if it receives a SEARCH command. An authenticated user could send this command either on purpose as a denial of service attack or unwittingly since some IMAP clients, such as IMP and Vmail, use it as part of the normal login process.
SolutionUpgrade to MailEnable Professional 1.5e or later.