CVE-2006-3277 - Resource Management Errors vulnerability in Mailenable Enterprise and Mailenable Professional
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
Exploit-Db
description | MailEnable 1.x SMTP HELO Command Remote Denial of Service Vulnerability. CVE-2006-3277. DoS exploit for Windows platform |
id | EDB-ID:28103 |
last seen | 2016-02-03 |
modified | 2006-06-24 |
published | 2006-06-24 |
reporter | db0 |
source | https://www.exploit-db.com/download/28103/ |
title | MailEnable 1.x SMTP HELO Command Remote Denial of Service Vulnerability |
Nessus
NASL family | SMTP problems |
NASL id | MAILENABLE_SMTP_HELO_DOS.NASL |
description | The remote host is running MailEnable, a commercial mail server for Windows. According to the version number in its banner, the SMTP server bundled with the installation of MailEnable on the remote host will crash when handling malformed HELO commands. An unauthenticated attacker may be able to leverage this issue to deny service to legitimate users. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21771 |
published | 2006-06-28 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21771 |
title | MailEnable SMTP Server HELO Command Remote DoS |
References
- http://secunia.com/advisories/20790
- http://securitytracker.com/id?1016376
- http://www.divisionbyzero.be/?p=173
- http://www.divisionbyzero.be/?p=174
- http://www.mailenable.com/hotfix/mesmtpc.zip
- http://www.osvdb.org/26791
- http://www.securityfocus.com/archive/1/438374/100/0/threaded
- http://www.securityfocus.com/bid/18630
- http://www.vupen.com/english/advisories/2006/2520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27387