AXIGEN Mail Server IMAP Server Multiple Authentication Methods DoS

high Nessus Network Monitor Plugin ID 3906

Synopsis

The remote IMAP server is prone to multiple vulnerabilities.

Description

The remote host is running AXIGEN Mail Server, a messaging system for Linux and BSD. The IMAP server component of AXIGEN Mail Server is affected by two denial of service issues involving the PLAIN and CRAM-MD5 authentication methods. An unauthenticated remote attacker can leverage these issues to crash the IMAP service and possibly even execute arbitrary code remotely.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://milw0rm.com/exploits/3289

http://milw0rm.com/exploits/3290

http://milw0rm.com/exploits/3329

http://www.axigen.com/forum/showthread.php?p=2386#post2386

http://www.axigen.com

Plugin Details

Severity: High

ID: 3906

Family: IMAP Servers

Published: 2/9/2007

Updated: 3/6/2019

Nessus ID: 24321

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:gecad_technologies:axigen_mail_server

Reference Information

CVE: CVE-2007-0886, CVE-2007-0887

BID: 22473, 22603