VID |
18108 |
Severity |
30 |
Port |
25 |
Protocol |
TCP |
Class |
SMTP |
Detailed Description |
The SMTP service (MESMTPC.exe) included with the version of MailEnable on the remote host reportedly does not properly check the length of either the email address used in a 'MAIL FROM' command or the domain name in a 'RCPT TO' command before using it in a log message.
An attacker may be able to leverage these issues to trigger an unhandled invalid parameter error and crash the affected SMTP service.
* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the result may be a false positive.
* References:
  http://secunia.com/secunia_research/2010-112/
  http://www.mailenable.com/hotfix/
  http://www.mailenable.com/Standard-ReleaseNotes.txt
  http://www.mailenable.com/Professional-ReleaseNotes.txt
  http://www.mailenable.com/Enterprise-ReleaseNotes.txt
* Platforms Affected: MailEnable version 4.25 and earlier versions; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of MailEnable (4.26 or later), available from the MailEnable Download Web site at http://www.mailenable.com/download.asp |
Related URL |
CVE-2010-2580 (CVE) |
Related URL |
43182 (SecurityFocus) |
Related URL |
(ISS) |
|