SurgeMail IMAP Service APPEND Command Remote DoS

Medium severity, Nessus Plugin ID 33277

Synopsis

The remote mail server is prone to denial-of-service attacks.

Description

According to its banner, the remote host is running a version of the SurgeMail Mail Server older than 3.9g2. The IMAP service in such versions is reportedly affected by remote denial-of-service vulnerabilities when handling an APPEND command with a large parameter. An authenticated attacker can leverage these issues to crash the remote application.

Solution

Upgrade to SurgeMail 3.9g2 or later.

See Also

https://www.securityfocus.com/archive/1/496482

http://www.netwinsite.com/surgemail/help/updates.htm

Plugin Details

Severity: Medium

ID: 33277

File Name: surgemail_imap_command_unspecified_dos.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 6/30/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-2859, CVE-2008-7182

BID: 29805, 30000

CWE: 119

Secunia: 30739