MailEnable POP3 Server Authentication Vulnerabilities
High Nessus Plugin ID 21117
Synopsis
The remote POP3 server is affected by two authentication issues.
Description
The remote host is running MailEnable, a commercial mail server for Windows.
The POP3 server bundled with the version of MailEnable on the remote host has a buffer overflow flaw involving authentication commands that can be exploited remotely by an unauthenticated attacker to crash the affected service and possibly to execute code remotely.
In addition, it reportedly has a cryptographic implementation mistake that weakens authentication security.
Solution
Apply the ME-10011 hotfix or upgrade to MailEnable Standard Edition 1.93 / Professional Edition 1.73 / Enterprise Edition 1.21 or later.