Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Denial of Service --> Category: denial

MailEnable SMTP Server HELO Command Denial of Service Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Tries to crash MailEnable SMTP server

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote SMTP server is susceptible to a denial of service attack.

Description :

The remote host is running MailEnable, a commercial mail server for
Windows.

According to the version number in its banner, the SMTP server bundled
with the installation of MailEnable on the remote host will crash when
handling malformed HELO commands. An unauthenticated attacker may be
able to leverage this issue to deny service to legitimate users.

See also :

http://www.divisionbyzero.be/?p=173
http://www.securityfocus.com/archive/1/438374/30/0/threaded
http://www.divisionbyzero.be/?p=174
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047443.html
http://www.mailenable.com/hotfix/

Solution :

Apply the ME-10013 hotfix referenced in the vendor link above.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:N/A:P/I:N/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.