|
|
Family: Gain a shell remotely --> Category: mixed
MailEnable SE SMTP Command Format String Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for SMTP command format string vulnerability in MailEnable SE
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SMTP server is afflicted by a format string vulnerability.
Description :
The remote host is running a version of MailEnable Standard Edition
that suffers from a format string vulnerability in its handling of
SMTP commands. Specifically, a remote attacker can crash the SMTP
daemon by sending a command with a format specifier as an argument.
Due to the nature of the flaw, it is likely that a possible hacker can also
be able to gain control of program execution and inject arbitrary
code.
See also :
http://www.securityfocus.com/archive/1/393566
Solution :
Apply the SMTP fix from 18th March 2005 located at
http://www.mailenable.com/hotfix/
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
