MailEnable POP3 Server Authentication Vulnerabilities

high Nessus Plugin ID 21117

Synopsis

The remote POP3 server is affected by two authentication issues.

Description

The remote host is running MailEnable, a commercial mail server for Windows.

The POP3 server bundled with the version of MailEnable on the remote host has a buffer overflow flaw involving authentication commands that can be exploited remotely by an unauthenticated attacker to crash the affected service and possibly to execute code remotely.

In addition, it reportedly has a cryptographic implementation mistake that weakens authentication security.

Solution

Apply the ME-10011 hotfix or upgrade to MailEnable Standard Edition 1.93 / Professional Edition 1.73 / Enterprise Edition 1.21 or later

See Also

https://seclists.org/fulldisclosure/2006/Mar/1286

http://www.mailenable.com/hotfix/default.aspx

Plugin Details

Severity: High

ID: 21117

File Name: mailenable_pop_auth_flaws.nasl

Version: 1.17

Type: remote

Agent: windows

Family: Windows

Published: 3/22/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/20/2006

Reference Information

CVE: CVE-2006-1337

BID: 17162