AXIGEN Mail Server IMAP Server Multiple Authentication Methods DoS

High Nessus Network Monitor Plugin ID 3906

Synopsis

The remote IMAP server is prone to multiple vulnerabilities.

Description

The remote host is running AXIGEN Mail Server, a messaging system for Linux and BSD. The IMAP server component of AXIGEN Mail Server is affected by two denial of service issues involving PLAIN and CRAM-MD5 authentication methods. An unauthenticated remote attacker can leverage these issues to crash the IMAP service and possibly even execute arbitrary code remotely.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://milw0rm.com/exploits/3289

http://milw0rm.com/exploits/3290

http://milw0rm.com/exploits/3329

http://www.axigen.com/forum/showthread.php?p=2386#post2386

http://www.axigen.com

Plugin Details

Severity: High

ID: 3906

File Name: 3906.prm

Family: IMAP Servers

Published: 2007/02/09

Modified: 2016/02/05

Nessus ID: 24321

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.3

Temporal Score: 7.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 8.7

Temporal Score: 8.4

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

CVE: CVE-2007-0886, CVE-2007-0887

BID: 22473, 22603