Vulnerabilities > CVE-2006-4616 - Remote Denial of Service vulnerability in Mailenable products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | SMTP problems |
| NASL id | MAILENABLE_SMTP_SPF_DOS.NASL |
| description | The remote host is running MailEnable, a commercial mail server for Windows. The SMTP server bundled with the version of MailEnable installed on the remote host is affected by a flaw in which SPF lookups for domains with large records may result in a NULL pointer exception in the SMTP service. An unauthenticated, remote attacker can exploit this issue to crash the affected service. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22411 |
| published | 2006-09-19 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22411 |
| title | MailEnable SMTP Connector Service SPF Record Crafted Lookup DoS |
References
- http://secunia.com/advisories/21998
- http://securitytracker.com/id?1016792
- http://www.mailenable.com/hotfix/
- http://www.mailenable.com/hotfix/MESMTPC.ZIP
- http://www.securityfocus.com/bid/20091
- http://www.vupen.com/english/advisories/2006/3669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28910