Detections
Analytics

SurgeMail IMAP Service APPEND Command Remote DoS

medium Nessus Plugin ID 33277

Language:

Synopsis

The remote mail server is prone to denial of service attacks.

Description

According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.9g2. The IMAP service in such versions is reportedly affected by remote denial of service vulnerabilities when handling an APPEND command with a large parameter. An authenticated attacker can leverage this issue to crash the remote application.

Solution

Upgrade to SurgeMail 3.9g2 or later.

See Also

https://www.securityfocus.com/archive/1/496482

http://www.netwinsite.com/surgemail/help/updates.htm

Plugin Details

Severity: Medium

ID: 33277

File Name: surgemail_imap_command_unspecified_dos.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 6/30/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-2859, CVE-2008-7182

BID: 29805, 30000

CWE: 119

Secunia: 30739