Family: Denial of Service --> Category: denial
MailEnable SMTP Server HELO Command Denial of Service Vulnerability Scan
Vulnerability Scan Summary: Tries to crash MailEnable SMTP server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SMTP server is susceptible to a denial of service attack.
Description :
The remote host is running MailEnable, a commercial mail server for
Windows.
According to the version number in its banner, the SMTP server bundled
with the installation of MailEnable on the remote host will crash when
handling malformed HELO commands. An unauthenticated attacker may be
able to leverage this issue to deny service to legitimate users.
See also :
http://www.divisionbyzero.be/?p=173
http://www.securityfocus.com/archive/1/438374/30/0/threaded
http://www.divisionbyzero.be/?p=174
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047443.html
http://www.mailenable.com/hotfix/
Solution :
Apply the ME-10013 hotfix referenced in the vendor link above.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:N/A:P/I:N/B:N)