MailEnable POP authentication

mailenable-pop-authentication (25314) The risk level is classified as LowLow Risk

Description:

MailEnable Standard Edition has an unspecified vulnerability related to the handling of POP authentication.

Platforms Affected:

  • MailEnable, MailEnable Enterprise Edition prior to 1.21
  • MailEnable, MailEnable Professional Edition prior to 1.73
  • MailEnable, MailEnable Standard Edition prior to 1.93
  • Microsoft, Windows 2000 Professional
  • Microsoft, Windows 2000 Advanced Server
  • Microsoft, Windows 2003 Server Standard
  • Microsoft, Windows 2003 Server Web
  • Microsoft, Windows 2003 Server Enterprise
  • Microsoft, Windows NT 4.0 Server

Remedy:

For MailEnable Standard Edition:
Upgrade to the latest version of MailEnable Standard Edition (1.93 or later), available from the MailEnable Web site. See References.

For MailEnable Professional Edition:
Upgrade to the latest version of MailEnable Professional Edition (1.73 or later), available from the MailEnable Web site. See References.

For MailEnable Enterprise Edition:
Upgrade to the latest version of MailEnable Enterprise Edition (1.21 or later), available from the MailEnable Web site. See References.

Consequences:

Other

References:

  • MailEnable Web site, MailEnable - Enterprise Edition Revision History at http://www.mailenable.com/enterprisehistory.asp.
  • BID-17162: MailEnable Unspecified POP Authentication Bypass Vulnerability
  • CVE-2006-1337: Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.
  • OSVDB ID: 24012: MailEnable POP3 Unspecified Pre-authentication Remote Overflow
  • SA19288: MailEnable Webmail and POP3 Buffer Overflow Vulnerabilities
  • SECTRACK ID: 1015797: MailEnable POP Authentication Bug Has Unspecified Impact
  • VUPEN/ADV-2006-1006: MailEnable POP Authentication and Webmail Component Vulnerabilities

Reported:

Mar 20, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page