Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

mailEnableDoS.txt

🗓️ 30 Nov 2005 00:00:00Reported by Josh ZlatinType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

MailEnable Imap Remote Denial of Service attack in MailEnable Pro and MailEnable Enterprise IMAP serve

Code
`Synopsis: MailEnable Imap Remote DOS.  
  
Product: MailEnable Pro  
MailEnable Enterprise  
http://www.mailenable.com  
  
Version: Confirmed on MailEnable Pro 1.7 and MailEnable Enterprise 1.1  
  
Author: Josh Zlatin-Amishav  
  
Date: November 24, 2005  
  
Background:  
MailEnable's mail server software provides a powerful, scalable hosted   
messaging platform for Microsoft Windows. MailEnable offers stability,   
unsurpassed flexibility and an extensive feature set which allows you to   
provide cost-effective mail services.  
  
Issue:  
In working with researchers at Tenable Network Security, I have come across  
a Denial of Service attack in the MailEnable Pro and MailEnable Enterprise  
IMAP server. It is possible to remotely crash the IMAP server by sending a   
rename request with non existant mailbox names  
  
PoC:  
telnet localhost 143  
a1 login josh byebye  
a2 rename foo bar  
  
where josh and byebye are the login credentials for an existing mailbox.  
  
Vendor notified: November 24, 2005 10:50AM  
Patch released: November 24, 2005 13:28PM  
  
Solution:  
Download patch from: http://www.mailenable.com/hotfix/MEIMAPS.ZIP  
  
To install:  
1) Stop the IMAP service  
2) Rename the MEIMAPS.EXE file in the Mail Enable\bin directory as this will  
allow you to roll back this fix  
3) Extract the zip file from the URL above to the Mail Enable\bin directory  
4) Start the IMAP service  
  
References: http://zur.homelinux.com/Advisories/MailEnableImapDos.txt  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Nov 2005 00:00Current
7.4High risk
Vulners AI Score7.4
mailenable promailenable enterpriseremote dosimap serverdenial of servicepatchtenable network securityvendor notifiedpatch released
21