Family: Gain root remotely --> Category: denial
MailEnable POP3 Server Authentication Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: Tries to crash MailEnable POP3 Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote POP3 server is affected by two authentication issues.
Description :
The remote host is running MailEnable, a commercial mail server for
Windows.
The POP3 server bundled with the version of MailEnable on the remote
host has a buffer overflow flaw involving authentication commands that
can be exploited remotely by an unauthenticated attacker to crash the
affected service and possibly to execute code remotely.
In addition, it reportedly has a cryptographic implementation mistake
that weakens authentication security.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044229.html
http://www.mailenable.com/hotfix/default.asp
Solution :
Apply the ME-10011 hotfix or upgrade to MailEnable Standard Edition
1.93 / Professional Edition 1.73 / Enterprise Edition 1.21 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)