AXIGEN Mail Server < 2.0.0 Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 24321


The remote mail server is affected by multiple vulnerabilities.


The remote host is running AXIGEN Mail Server, a messaging system for Linux and BSD.

The POP3 server component of AXIGEN Mail Server contains a format string vulnerability because it calls syslog() when logtype is set to 'system'. In addition, the IMAP server component is affected by two denial of service issues involving the PLAIN and CRAM-MD5 authentication methods. An unauthenticated, remote attacker can leverage these issues to crash the IMAP service and possibly execute arbitrary code remotely.


Upgrade to AXIGEN Mail Server version 2.0.0 or later.


Plugin Details

Severity: Critical

ID: 24321

File Name: axigen_imap_auth_dos.nasl

Version: $Revision: 1.24 $

Type: remote

Published: 2007/02/09

Modified: 2016/05/19

Dependencies: 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:gecad:axigen_mail_server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/02/08

Reference Information

CVE: CVE-2007-0886, CVE-2007-0887

BID: 22473, 22603

OSVDB: 33165, 38133

EDB-ID: 3289, 3290, 3329