MailEnable IMAP / SMTP Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 17974


The remote mail server is affected by multiple issues.


The remote host is running a version of MailEnable Professional or MailEnable Enterprise Edition that is prone to the following vulnerabilities :

- An IMAP Authenticate Request Buffer Overflow Vulnerability Sending an AUTHENTICATE or LOGIN command with an argument of 1016 characters or more overflows a stack-based buffer. An attacker can leverage this flaw to overwrite sensitive program control variables and thereby control execution flow of the server process.

- An SMTP Malformed EHLO Request Denial Of Service Vulnerability The SMTP service does not properly handle malformed EHLO commands and may crash when it encounters an argument containing the character 0x99. A remote attacker could use this flaw to crash the SMTP service, thereby denying service to legitimate users.


Apply the IMAP and SMTP hotfix from 4th April 2005. Note that the hotfix does not fix the overflow involving an oversize LOGIN command.

See Also

Plugin Details

Severity: Critical

ID: 17974

File Name: mailenable_smtp_and_imap_vulns.nasl

Version: $Revision: 1.18 $

Type: remote

Agent: windows

Family: Windows

Published: 2005/04/06

Modified: 2016/10/27

Dependencies: 10125

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Excluded KB Items: imap/false_imap, imap/overflow

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2005/04/04

Exploitable With


Reference Information

CVE: CVE-2005-1013, CVE-2005-1014, CVE-2005-1015

BID: 12994, 12995, 13040

OSVDB: 15231, 15232, 15308