Lucene search

SAINT CorporationSAINT:D632FD30B7AD13AE4DACE9D4E0EA5E14

HistoryJun 30, 2006 - 12:00 a.m.

MailEnable SMTP AUTH LOGIN buffer overflow

2006-06-3000:00:00

SAINT Corporation

download.saintcorporation.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.0%

JSON

Added: 06/30/2006
CVE: CVE-2005-1781
BID: 13772
OSVDB: 16851

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

The SMTP service in MailEnable is affected by a buffer overflow vulnerability which could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially crafted AUTH LOGIN command.

Resolution

Apply the hotfix.

References

<http://secunia.com/advisories/15487>

Limitations

Exploit works on MailEnable Enterprise Edition 1.04 on Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 SP0.

Platforms

Windows 2000
Windows XP
Windows Server 2003

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for SAINT:D632FD30B7AD13AE4DACE9D4E0EA5E14