MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
BID:22565
Info
MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
| Bugtraq ID: | 22565 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2007 12:00AM |
| Updated: | Feb 14 2007 11:47PM |
| Credit: | mu-b is credited with the discovery of this vulnerability. |
| Vulnerable: |
MailEnable MailEnable Professional 2.37 MailEnable MailEnable Professional 2.351 MailEnable MailEnable Professional 2.35 MailEnable MailEnable Professional 2.34 MailEnable MailEnable Professional 2.33 MailEnable MailEnable Professional 2.32 MailEnable MailEnable Enterprise Edition 2.37 MailEnable MailEnable Enterprise Edition 2.35 MailEnable MailEnable Enterprise Edition 2.34 MailEnable MailEnable Enterprise Edition 2.33 MailEnable MailEnable Enterprise Edition 2.32 |
| Not Vulnerable: | |
Discussion
MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
MailEnable is prone to a remote denial-of-service vulnerability.
This issue arises in the SMTP server during NTLM authentication and may result in a crash of the affected service. Arbitrary code execution may also be possible; this has not been confirmed.
This issue was originally discussed in BID 20290 (MailEnable SMTP NTLM Authentication Multiple Vulnerabilities), but further reports and analysis show it is a separate vulnerability and has been assigned its own BID.
MailEnable is prone to a remote denial-of-service vulnerability.
This issue arises in the SMTP server during NTLM authentication and may result in a crash of the affected service. Arbitrary code execution may also be possible; this has not been confirmed.
This issue was originally discussed in BID 20290 (MailEnable SMTP NTLM Authentication Multiple Vulnerabilities), but further reports and analysis show it is a separate vulnerability and has been assigned its own BID.
Exploit / POC
MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
The following proof of concept is available to trigger denial-of-service conditions:
The following proof of concept is available to trigger denial-of-service conditions:
Solution / Fix
MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
References:
References:
- MailEnable Homepage (MailEnable)