BID:30498

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

Info

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

Bugtraq ID:	30498
Class:	Design Error
CVE:	CVE-2008-3449
Remote:	Yes
Local:	No
Published:	Aug 01 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	Reported by the vendor
Vulnerable:	MailEnable MailEnable Professional Edition 3.52 MailEnable MailEnable Enterprise Edition 3.52

Not Vulnerable:

Discussion

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

MailEnable is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

MailEnable 3.62 Professional Edition and Enterprise Edition are vulnerable; other versions may also be affected.

Exploit / POC

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

Attackers can use readily available network utilities to exploit this issue.

Solution / Fix

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

Solution:
The vendor has released hotfix ME-10042. Please see the references for more information.

MailEnable MailEnable Enterprise Edition 3.52

MailEnable ME-10042.EXE
http://www.mailenable.com/hotfix/ME-10042.EXE

MailEnable MailEnable Professional Edition 3.52

MailEnable ME-10042.EXE
http://www.mailenable.com/hotfix/ME-10042.EXE

References

MailEnable 3.52 IMAP Remote Denial of Service Vulnerability

References:

MailEnable Homepage (MailEnable)
ME-10044 (MailEnable)