Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3277

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3277
Last Modified 17 Mar 2011 12:00:00
Published 28 Jun 2006 06:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3277

Summary

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.

Vulnerable Systems

Application

  • Mailenable Enterprise 1.00

  • Mailenable Enterprise 1.01

  • Mailenable Enterprise 1.02

  • Mailenable Enterprise 1.03

  • Mailenable Enterprise 1.04

  • Mailenable Enterprise 1.1

  • Mailenable Enterprise 1.2

  • Mailenable Enterprise 1.21

  • Mailenable Professional 1.0.004

  • Mailenable Professional 1.0.005

  • Mailenable Professional 1.0.006

  • Mailenable Professional 1.0.007

  • Mailenable Professional 1.0.008

  • Mailenable Professional 1.0.009

  • Mailenable Professional 1.0.010

  • Mailenable Professional 1.0.011

  • Mailenable Professional 1.0.012

  • Mailenable Professional 1.0.013

  • Mailenable Professional 1.0.014

  • Mailenable Professional 1.0.015

  • Mailenable Professional 1.0.016

  • Mailenable Professional 1.0.017

  • Mailenable Professional 1.1

  • Mailenable Professional 1.101

  • Mailenable Professional 1.102

  • Mailenable Professional 1.103

  • Mailenable Professional 1.104

  • Mailenable Professional 1.105

  • Mailenable Professional 1.106

  • Mailenable Professional 1.107

  • Mailenable Professional 1.108

  • Mailenable Professional 1.109

  • Mailenable Professional 1.110

  • Mailenable Professional 1.111

  • Mailenable Professional 1.112

  • Mailenable Professional 1.113

  • Mailenable Professional 1.114

  • Mailenable Professional 1.115

  • Mailenable Professional 1.116

  • Mailenable Professional 1.12

  • Mailenable Professional 1.13

  • Mailenable Professional 1.14

  • Mailenable Professional 1.15

  • Mailenable Professional 1.16

  • Mailenable Professional 1.17

  • Mailenable Professional 1.18

  • Mailenable Professional 1.19

  • Mailenable Professional 1.2

  • Mailenable Professional 1.2a

  • Mailenable Professional 1.5

  • Mailenable Professional 1.5015

  • Mailenable Professional 1.5016

  • Mailenable Professional 1.5017

  • Mailenable Professional 1.5018

  • Mailenable Professional 1.51

  • Mailenable Professional 1.52

  • Mailenable Professional 1.53

  • Mailenable Professional 1.54

  • Mailenable Professional 1.6

  • Mailenable Professional 1.610

  • Mailenable Professional 1.7

  • Mailenable Professional 1.701

  • Mailenable Professional 1.702

  • Mailenable Professional 1.703

  • Mailenable Professional 1.704

  • Mailenable Professional 1.71

  • Mailenable Professional 1.72

  • Mailenable Professional 1.73

  • Mailenable Professional 1.8

  • Mailenable Professional 1.9

  • Mailenable Professional 1.91

  • Mailenable Professional 1.92

  • Mailenable Professional 1.93


References

CONFIRM - http://www.mailenable.com/hotfix/mesmtpc.zip

MISC - http://www.divisionbyzero.be/?p=173

XF - mailenable-smtp-helo-dos(27387)

VUPEN - ADV-2006-2520

BID - 18630

BUGTRAQ - 20060624 Mailenable SMTP Service DoS

OSVDB - 26791

MISC - http://www.divisionbyzero.be/?p=174

SECTRACK - 1016376

SECUNIA - 20790


Last Updated: 27 May 2016 10:42:57