MailEnable POP3 Server Authentication Vulnerabilities

High Nessus Plugin ID 21117


The remote POP3 server is affected by two authentication issues.


The remote host is running MailEnable, a commercial mail server for Windows.

The POP3 server bundled with the version of MailEnable on the remote host has a buffer overflow flaw involving authentication commands that can be exploited remotely by an unauthenticated attacker to crash the affected service and possibly to execute code remotely.

In addition, it reportedly has a cryptographic implementation mistake that weakens authentication security.


Apply the ME-10011 hotfix or upgrade to MailEnable Standard Edition 1.93 / Professional Edition 1.73 / Enterprise Edition 1.21 or later.

Plugin Details

Severity: High

ID: 21117

File Name: mailenable_pop_auth_flaws.nasl

Version: $Revision: 1.14 $

Type: remote

Agent: windows

Family: Windows

Published: 2006/03/22

Modified: 2017/07/19

Dependencies: 14773, 14772

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/03/20

Reference Information

CVE: CVE-2006-1337

BID: 17162

OSVDB: 24012