Info

Disclosure

Jun 24, 2006

Discovery

Unknown

Dates

Exploit

Jun 24, 2006

Solution

Unknown

Description

MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs during the HELO command handling, and will result in loss of availability for the SMTP service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, mailEnable has released a patch to address this vulnerability.

Products

MailEnable	Standard	1.92
	Professional	2.0
	Enterprise	2.0

References

Security Tracker: 1016376
Bugtraq ID: 18630
CVE ID: 2006-3277 (see also: NVD)
Secunia Advisory ID: 20790
ISS X-Force ID: 27387
VUPEN Advisory: ADV-2006-2520
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0664.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0760.html
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/mailenable_dos_poc.txt
http://packetstormsecurity.org/0606-exploits/Mailenable-dos_pl.txt
Other Advisory URL: http://www.divisionbyzero.be/?p=173
http://www.divisionbyzero.be/?p=174
Vendor URL: http://www.mailenable.com/
Vendor Specific News/Changelog Entry: http://www.mailenable.com/hotfix/mesmtpc.zip
Keyword: ME-10013

Credit

DivisionByZero - DivisionByZero

Direct URL: http://osvdb.org/26791

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

MailEnable

Standard

Professional

Enterprise

References

Credit