MailEnable Standard SMTP mailto: Request Format String
Medium Nessus Plugin ID 17364
SynopsisThe remote SMTP server is afflicted by a format string vulnerability.
DescriptionThe remote host is running a version of MailEnable Standard Edition that suffers from a format string vulnerability in its handling of SMTP commands. Specifically, a remote attacker can crash the SMTP daemon by sending a command with a format specifier as an argument. Due to the nature of the flaw, it is likely that an attacker can also be able to gain control of program execution and inject arbitrary code.
SolutionApply the SMTP fix from 18th March 2005 located at http://www.mailenable.com/hotfix/