True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS (deprecated)

Medium Nessus Network Monitor Plugin ID 3034

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running the True North eMailServer.
This version of eMailServer is vulnerable to a content-parsing flaw where a malformed IMAP request can cause the server to fail. An attacker exploiting this flaw would be able to disable the service remotely.

Solution

Upgrade to version 5.3.4 Build 2019 or higher.

Plugin Details

Severity: Medium

ID: 3034

Family: POP Server

Published: 2005/06/27

Modified: 2018/09/16

Dependencies: 3035

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 6.2

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Reference Information

CVE: CVE-2005-2083

BID: 14065