MailEnable < 1.53 IMAP Service Multiple Remote Pre-Authentication Buffer Overflows

Nessus Network Monitor Plugin ID 2435 (Severity: High)

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of MailEnable Professional older than 1.53. Versions before 1.53 are prone to multiple remote, pre-authentication buffer overflow vulnerabilities in the IMAP service, which were fixed in version 1.53.

Solution

Upgrade to version 1.53 or higher.

See Also

http://www.hat-squad.com/en/000102.html

http://www.mailenable.com/hotfix/default.asp

Plugin Details

Severity: High

ID: 2435

File Name: 2435.prm

Family: SMTP Servers

Published: 2004/11/30

Modified: 2016/01/21

Dependencies: 2004, 2005

Nessus ID: 15852

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

CVE: CVE-2004-2501

BID: 11755

OSVDB: 12135, 12136