True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS (deprecated)

Medium Nessus Network Monitor Plugin ID 3036

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running the True North eMailServer.
This version of eMailServer is vulnerable to a content-parsing flaw where a malformed IMAP request can cause the server to fail. An attacker exploiting this flaw would be able to disable the service remotely.

Solution

Upgrade to version 5.3.4 Build 2019 or higher.

See Also

http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034727.html

Plugin Details

Severity: Medium

ID: 3036

File Name: 3036.prm

Family: SMTP Servers

Published: 2005/06/27

Modified: 2016/01/30

Dependencies: 2004, 2005

Nessus ID: 18570

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 4.3

Temporal Score: 4.2

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

CVE: CVE-2005-2083

BID: 14065

OSVDB: 17609