MailEnable SMTP HELO Command Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running MailEnable and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to crash the service by sending HELO command with specially crafted arguments. Impact Level: Application

Solution

Upgrade MailEnable version 6 or later, For updates refer to http://www.mailenable.com/

Insight

MailEnable SMTP service fails to handle the HELO command. This can be exploited to crash the service via a HELO command with specially crafted arguments.

Affected

MailEnable Standard version 1.92 and prior MailEnable Enterprise version 2.0 and prior MailEnable Professional version 2.0 and prior

References

http://secunia.com/advisories/20790
http://securitytracker.com/id?1016376
http://www.mailenable.com/
http://www.mailenable.com/hotfix/default.asp
http://xforce.iss.net/xforce/xfdb/27387

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-3277
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Microsoft Windows SMTP Server DNS spoofing vulnerability
Sendmail custom configuration file
MailEnable SMTP HELO Command Denial of Service Vulnerability
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Multiple Kerio Products Administration Console File Disclosure and Corruption Vulnerability

Take action and discover your vulnerabilities