VID |
18100 |
Severity |
20 |
Port |
25 |
Protocol |
TCP |
Class |
SMTP |
Detailed Description |
The MailEnable Webmail service, according to its banner, has a denial of service vulnerability (2) via quoted-printable emails. MailEnable is a commercial mail server for Microsoft Windows platforms. MailEnable Standard Edition versions prior to 1.93, MailEnable Professional Edition versions prior to 1.73, and MailEnable Enterprise Edition versions prior to 1.21 are vulnerable to a denial of service attack caused by an unspecified error within the webmail component. A remote attacker could exploit this vulnerability to consume all available CPU resources when a specially formatted quoted-printable email is viewed.
* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so this might be a false positive.
* References: http://www.mailenable.com/standardhistory.asp http://www.mailenable.com/professionalhistory.asp http://www.mailenable.com/enterprisehistory.asp http://secunia.com/advisories/19288/
* Platforms Affected: MailEnable Enterprise Edition versions prior to 1.21; MailEnable Professional Edition versions prior to 1.73; MailEnable Standard Edition versions prior to 1.93; Microsoft Windows, any version |
Recommendation |
For MailEnable Standard Edition: Upgrade to the latest version of MailEnable Standard Edition (1.93 or later), available from the MailEnable Download Web site at http://www.mailenable.com/download.asp
For MailEnable Professional Edition: Upgrade to the latest version of MailEnable Professional Edition (1.73 or later), available from the MailEnable Download Web site at http://www.mailenable.com/download.asp
For MailEnable Enterprise Edition: Upgrade to the latest version of MailEnable Enterprise Edition (1.21 or later), available from the MailEnable Download Web site at http://www.mailenable.com/download.asp |
Related URL |
CVE-2006-1338 (CVE) |
Related URL |
17161 (SecurityFocus) |
Related URL |
25315 (ISS) |
|