Lucene search

[email protected]CVE-2006-5177

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5177

2006-10-1004:06:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-5177

ntlm authentication

mailenable professional

mailenable enterprise

remote code execution

denial of service

buffer over-read

nvd

8.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.21 Low

EPSS

Percentile

96.4%

JSON

The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.

CPENameOperatorVersion
mailenable:mailenable_enterprisemailenable mailenable enterpriseeq2.0
mailenable:mailenable_professionalmailenable mailenable professionaleq2.0

CPE	Name	Operator	Version
mailenable:mailenable_enterprise	mailenable mailenable enterprise	eq	2.0
mailenable:mailenable_professional	mailenable mailenable professional	eq	2.0

References

labs.musecurity.com/advisories/MU-200609-01.txt

secunia.com/advisories/22179

www.mailenable.com/hotfix/

www.securityfocus.com/bid/20290

www.vupen.com/english/advisories/2006/3862

exchange.xforce.ibmcloud.com/vulnerabilities/29286

exchange.xforce.ibmcloud.com/vulnerabilities/29287

8.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.21 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2006-5177

cvelist1 nessus1