Detections
Analytics

ArGoSoft Mail Server _DUMP Command System Information Disclosure

medium Nessus Plugin ID 20976

Language:

Synopsis

The remote POP3 server is subject to an information disclosure issue.

Description

The remote host is running ArGoSoft Mail Server, a messaging system for Windows.

An unauthenticated attacker can gain information about the installed application as well as the remote host itself by sending the '_DUMP' command to the POP3 server.

Solution

Upgrade to ArGoSoft Mail Server 1.8.8.6 or later.

See Also

https://seclists.org/bugtraq/2006/Feb/447

https://www.argosoft.com/rootpages/mailserver/ChangeList.aspx

Plugin Details

Severity: Medium

ID: 20976

File Name: argosoft_ms_pop3_dump.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 2/25/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/16/2006

Reference Information

CVE: CVE-2006-0928

BID: 16808