
MailEnable SE SMTP Command Format String Vulnerability

Article ID: 17364
Last updated: 27 Jan, 2009
Views: 192
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.


This script is Copyright (C) 2005-2006 Tenable Network Security

Family: Gain a shell remotely
Plugin ID: 17364
Bugtraq ID: 12833
CVE ID: CVE-2005-0804

Description:

Synopsis :

The remote SMTP server is afflicted by a format string vulnerability.

Description :

The remote host is running a version of MailEnable Standard Edition
that suffers from a format string vulnerability in its handling of
SMTP commands. Specifically, a remote attacker can crash the SMTP
daemon by sending a command with a format specifier as an argument.
Due to the nature of the flaw, it is likely that an attacker would
also be able to gain control of program execution and inject
arbitrary code.
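
One way to spot the condition described above in SMTP session logs, as an added example that is not part of the Tenable plugin or of MailEnable: the sketch flags commands whose argument carries printf-style conversion specifiers, and separates a lone match (often a legacy "percent hack" address) from the patterns that have no place in SMTP. The function names, verdict labels and sample commands are assumptions constructed for illustration.

```python
import re

# printf-style conversion: %[pos$][flags][width][.prec][length]conv
SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|j|z|t|L)?([diouxXeEfFgGaAcspn])"
)

def classify(line):
    """Return (verb, verdict, specifiers) for one SMTP command line."""
    verb, _, arg = line.strip().partition(" ")
    # "%%" is a literal percent sign to printf, so drop it before matching.
    specs = [m.group(0) for m in SPEC.finditer(arg.replace("%%", ""))]
    if not specs:
        verdict = "ok"
    elif len(specs) >= 2 or any(s.endswith("n") for s in specs):
        # Repeated conversions or a write conversion (%n) are not normal SMTP.
        verdict = "alert"
    else:
        # A lone match is often a "percent hack" address (user%host@relay).
        verdict = "review"
    return verb.upper(), verdict, specs

# Constructed sample commands, not taken from a real capture.
SAMPLE = [
    "EHLO mail.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob%host.example@relay.example>",
    "EHLO %s%s%s%s",
    "HELO %n",
]

def scan(lines):
    """Classify every command line in an iterable."""
    return [classify(line) for line in lines]

if __name__ == "__main__":
    for verb, verdict, specs in scan(SAMPLE):
        print(f"{verb:5} {verdict:7} {specs}")
```
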

See also :

http://www.securityfocus.com/archive/1/393566

Solution :

Apply the SMTP fix from 18th March 2005 located at
http://www.mailenable.com/hotfix/

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)