SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (E-mail Server)  >  MailEnable Vendors:  MailEnable Pty. Ltd.
MailEnable HELO Command Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016376
SecurityTracker URL:  http://securitytracker.com/id?1016376
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 26 2006
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Description:  A vulnerability was reported in MailEnable. A remote user can cause denial of service conditions.

A remote user can send a specially crafted SMTP HELO command to cause the target SMTP service to crash.

divisionbyzero.be reported this vulnerability.
Impact:  A remote user can cause denial of service conditions.
Solution:  The vendor has issued a hotfix (ME-10013), available at:

http://www.mailenable.com/hotfix/default.asp
Vendor URL:  www.mailenable.com/ (Links to External Site)
Cause:  Not specified
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)
Reported By:  db0 <divisionbyzerodotbe@gmail.com>
Message History:   None.

 Source Message Contents
Date:  Sat, 24 Jun 2006 20:58:48 +0200
From:  db0 <divisionbyzerodotbe@gmail.com>
Subject:  [Full-disclosure] Mailenable SMTP Service DoS

 
Mailenable is vulnerable due to an error in the handling of the "HELO"
command in the SMTP service.

Product: Mailenable SMTP Service, All versions
Vuln type: Denial of Service
Risk: moderated
Attack type: Remote
Tested on: Windows 2003
Vendor patch: http://www.mailenable.com/hotfix/default.asp: ME-10013



-- 
www.divisionbyzero.be

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC