True North eMailServer < 5.3.4 Build 2019 LIST Command Remote DoS (deprecated)

medium Nessus Network Monitor Plugin ID 3036

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running True North eMailServer. This version of eMailServer is vulnerable to a content-parsing flaw in which a malformed IMAP LIST request can cause the server to fail. An attacker exploiting this flaw could disable the service remotely.

Solution

Upgrade to version 5.3.4 Build 2019 or higher.

See Also

http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034727.html

Plugin Details

Severity: Medium

ID: 3036

Family: SMTP Servers

Published: 6/27/2005

Updated: 3/6/2019

Nessus ID: 18570

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Reference Information

CVE: CVE-2005-2083

BID: 14065