|
Family: Misc. --> Category: infos
ArGoSoft Mail Server _DUMP Command Information Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for _DUMP command information disclosure vulnerability in ArGoSoft POP3 server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote POP3 server is subject to an information disclosure issue.
Description :
The remote host is running ArGoSoft Mail Server, a messaging system
for Windows.
An unauthenticated attacker can gain information about the installed
application as well as the remote host itself by sending the '_DUMP'
command to the POP3 server.
See also :
http://archives.neohapsis.com/archives/bugtraq/2006-02/0438.html
http://www.argosoft.com/rootpages/mailserver/ChangeList.aspx
Solution :
Upgrade to ArGoSoft Mail Server 1.8.8.6 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|