MailEnable SMTP Malformed EHLO Request DoS

2005-04-05T00:00:00
ID OSVDB:15232
Type osvdb
Reporter Corry L.(corryl@sitoverde.com)
Modified 2005-04-05T00:00:00

Description

Vulnerability Description

MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when issuing a malformed request to the EHLO command containing a '(tm)' (trademark) character, which will crash the service resulting in loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a patch to address this vulnerability.

Short Description

MailEnable contains a flaw that may allow a remote denial of service. The issue is triggered when issuing a malformed request to the EHLO command containing a '(tm)' (trademark) character, which will crash the service resulting in loss of availability.

References:

Vendor URL: http://www.mailenable.com/ Vendor Specific Solution URL: http://www.mailenable.com/hotfix/MEIMSM-HF050425.zip Vendor Specific Solution URL: http://www.mailenable.com/hotfix/ Security Tracker: 1013637 Security Tracker: 1013799 Secunia Advisory ID:14812 Secunia Advisory ID:15068 Related OSVDB ID: 15231 Nessus Plugin ID:17974 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0081.html ISS X-Force ID: 19948 Bugtraq ID: 12994