MailEnable SMTP Connector Service DNS Lookup DoS Vulnerability Network Vulnerability

Summary

The target is running at least one instance of MailEnable's SMTP Connector service. A flaw exists in both the Standard Edition 1.7x and Professional Edition 1.2x/1.5a-e that results in this service crashing if it receives a DNS response with over 100 MX records. A remote attacker can exploit this to perform a DoS attack against the SMTP server on the target. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of MailEnable ***** installed there.

Solution

Upgrade to MailEnable Standard Edition 1.8 / Professional Edition 1.5e or greater.

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
ArGoSoft FTP Server XCWD Overflow
F-Secure Policy Manager Server fsmsh.dll module DoS
Connect back to SOCKS4 server
Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities