Ability Mail Server < 2.61 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 4292

Synopsis

The remote mail server is affected by multiple denial of service vulnerabilities.

Description

The remote host appears to be running Ability POP3 Server. According to its banner, the installed version of Ability Mail Server is affected by two issues that could cause the application to crash. One involves messages that are changed to a blank string, the other concerns IMAP4 commands with malformed number list ranges. It is not currently known whether either or both issues can be exploited without authentication.

Solution

Upgrade to version 2.61 or higher.

See Also

http://www.code-crafters.com/abilitymailserver/updatelog.html

Plugin Details

Severity: Medium

ID: 4292

Family: POP Server

Published: 2007/11/21

Modified: 2016/01/21

Dependencies: 3035

Nessus ID: 28289

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2007-6101

BID: 26514