AXIGEN Mail Server < 2.0.0 Multiple Remote Vulnerabilities
Critical Nessus Plugin ID 24321
Synopsis
The remote mail server is affected by multiple vulnerabilities.

Description
The remote host is running AXIGEN Mail Server, a messaging system for Linux and BSD.
The POP3 server component of AXIGEN Mail Server contains a format string vulnerability because it calls syslog() when logtype is set to 'system'. In addition, the IMAP server component is affected by two denial of service issues involving PLAIN and CRAM-MD5 authentication methods. An unauthenticated, remote attacker can leverage these issues to crash the IMAP service and possibly execute arbitrary code remotely.

Solution
Upgrade to AXIGEN Mail Server version 2.0.0 or later.
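
The format string issue in the description belongs to the general class of syslog() defects where client-supplied data is used as the format argument. The C example below is added here for illustration and is not AXIGEN's code or part of the Nessus plugin: it shows the hardened call with a constant "%s" format and a helper that flags conversion specifications in logged client data. The names count_conversions, needs_review and log_client_data and the sample strings are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count printf-style conversion specifications in s.
 * "%%" is a literal percent sign and is not counted. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    while (*s) {
        if (*s != '%') { s++; continue; }
        s++;                                  /* step past '%' */
        if (*s == '%') { s++; continue; }     /* literal percent */
        /* skip flags, positional index, width, precision, length modifiers */
        s += strspn(s, "-+ #0123456789.*$hlLqjzt'");
        if (*s && strchr("diouxXeEfFgGaAcspnm", *s)) { n++; s++; }
    }
    return n;
}

/* Returns 1 when client data carries conversion specifications and
 * deserves a closer look in log review, 0 otherwise. */
int needs_review(const char *client_data)
{
    return count_conversions(client_data) > 0;
}

/* Defect class (left as a comment on purpose): syslog(LOG_INFO, client_data);
 * Hardened form: client data is only ever an argument to a constant format. */
void log_client_data(const char *client_data)
{
    syslog(LOG_INFO, "%s", client_data);
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "alice", "100%% done", "%08x.%08x.%n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_client_data(samples[i]);
        printf("%-16s conversions=%zu review=%d\n", samples[i],
               count_conversions(samples[i]), needs_review(samples[i]));
    }
    return 0;
}
```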