MailEnable SMTP Command Length Validation Error Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1024427 |
|
SecurityTracker URL: http://securitytracker.com/id/1024427
|
|
CVE Reference:
CVE-2010-2580
(Links to External Site)
|
Date: Sep 13 2010
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.25 and prior versions
|
Description:
A vulnerability was reported in MailEnable. A remote user can cause denial of service conditions.
A remote user can send a specially crafted SMTP MAIL FROM command value or RCPT TO command value to cause the target SMTP service (MESMTPC.exe) to crash.
The vendor was notified on September 6, 2010.
The original advisory is available at:
http://secunia.com/secunia_research/2010-112/
Dmitriy Pletnev of Secunia Research reported this vulnerability.
|
Impact:
A remote user can cause the target SMTP service to crash.
|
Solution:
The vendor has issued a fix (4.26 or hotfix ME-10044).
|
Vendor URL: www.mailenable.com/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 13 Sep 2010 20:44:38 +0000
Subject: MailEnable
|
http://secunia.com/secunia_research/2010-112/
CVE-2010-2580
|
|
