Info

Disclosure

Mar 20, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

MailEnable WebMail contains a flaw that may allow a remote denial of service. The issue is triggered when incorrectly encoded quoted-printable emails are viewed, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to MailEnable Professional version 1.73 and MailEnable Enterprise 1.21 or higher, as it has been reported to fix this vulnerability. In addition, MailEnable has released a patch for some older versions.

Products

MailEnable	MailEnable Enterprise	1.0
		1.0.x
		1.1
		1.2
		1.21
	MailEnable Professional	1.1x
		1.0x
		1.2x
		1.5x
		1.6
		1.7
		1.73

References

Bugtraq ID: 17161
Secunia Advisory ID: 19288
CVE ID: 2006-1338 (see also: NVD)
Related OSVDB ID: 24012 24013
ISS X-Force ID: 25315
VUPEN Advisory: ADV-2006-1006
Vendor URL: http://www.mailenable.com/
Vendor Specific News/Changelog Entry: http://www.mailenable.com/enterprisehistory.asp
http://www.mailenable.com/professionalhistory.asp

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/24014