NoticeWare Corporation NoticeWare Email Server NG LOGIN Messages Denial Of Service Vulnerability

Bugtraq ID:	30605
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2008-3607
Remote:	Yes
Local:	No
Published:	Aug 08 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	João Antunes
Vulnerable:	NoticeWare Corporation Noticeware Email Server NG 4.6.3 NoticeWare Corporation Noticeware Email Server NG 4.6.2
Not Vulnerable:	NoticeWare Corporation Noticeware Email Server NG 5.1

NoticeWare Corporation NoticeWare Email Server NG LOGIN Messages Denial Of Service Vulnerability

NoticeWare Email Server NG is prone to a denial-of-service vulnerability because it fails to handle user-supplied input.

Remote attackers can exploit this issue to deny service to legitimate users.

NoticeWare Email Server NG 4.6.2 and 4.6.3 are vulnerable; other versions may also be affected.

NoticeWare Corporation NoticeWare Email Server NG LOGIN Messages Denial Of Service Vulnerability

The following exploit example is available:

A001 LOGIN Ax5000 AAAAA

NoticeWare Corporation NoticeWare Email Server NG LOGIN Messages Denial Of Service Vulnerability

Solution:
The reporter indicates that this issue is fixed in Email Server NG 5.1. Please see the references for more information.

NoticeWare Corporation NoticeWare Email Server NG LOGIN Messages Denial Of Service Vulnerability

References:

• NoticeWare Email Server Homepage (NoticeWare Corporation)
  
• [AJECT] NoticeWare IMAP Email Server 4.6.2 DoS vulnerability (=?ISO-8859-1?Q?Jo=E3o_Antunes?= )