Vulnerability CVE-2010-2580


Published: 2010-09-15   Modified: 2012-02-13

Description:
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."

See advisories in our WLB2 database:
Med. - Topic: MailEnable SMTP Service Two Denial of Service Vulnerabilities; Author: Secunia Research; Date: 17.09.2010

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
Mailenable -> Mailenable

References:
http://www.mailenable.com/Enterprise-ReleaseNotes.txt
http://www.mailenable.com/hotfix/
http://www.mailenable.com/Professional-ReleaseNotes.txt
http://www.mailenable.com/Standard-ReleaseNotes.txt
http://www.securityfocus.com/archive/1/513648/100/0/threaded
http://www.securityfocus.com/bid/43182
http://www.securitytracker.com/id?1024427

Copyright 2022, cxsecurity.com

 
