MailEnable < 1.8.1 mailto Remote Format String Overflow

critical Nessus Network Monitor Plugin ID 2717

Synopsis

The remote host is vulnerable to a remote 'format string' flaw.

Description

The remote host is running a version of MailEnable Professional which is reported to be prone to a remote format string vulnerability. Specifically, the application fails to properly parse the SMTP 'mailto:' request. An attacker exploiting this flaw would send a malformed query to the server which, upon being parsed, would either crash the remote host or possibly execute arbitrary commands on the remote host.

Solution

Upgrade to version 1.8.1 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2005-04/0070.html

http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0078.html

Plugin Details

Severity: Critical

ID: 2717

Family: SMTP Servers

Published: 3/17/2005

Updated: 3/6/2019

Nessus ID: 17974, 17364

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-0804, CVE-2005-1013, CVE-2005-1014, CVE-2005-1015

BID: 12833, 12994, 12995, 13040, 13772