MailEnable POP authentication

mailenable-pop-authentication (25314) The risk level is classified as LowLow Risk

Description:

MailEnable Standard Edition has an unspecified vulnerability related to the handling of POP authentication.


Consequences:

Other

Remedy:

For MailEnable Standard Edition:
Upgrade to the latest version of MailEnable Standard Edition (1.93 or later), available from the MailEnable Web site. See References.

For MailEnable Professional Edition:
Upgrade to the latest version of MailEnable Professional Edition (1.73 or later), available from the MailEnable Web site. See References.

For MailEnable Enterprise Edition:
Upgrade to the latest version of MailEnable Enterprise Edition (1.21 or later), available from the MailEnable Web site. See References.

References:

  • MailEnable Web site: MailEnable - Enterprise Edition Revision History.
  • BID-17162: MailEnable Unspecified POP Authentication Bypass Vulnerability
  • CVE-2006-1337: Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.
  • OSVDB ID: 24012: MailEnable POP3 Unspecified Pre-authentication Remote Overflow
  • SA19288: MailEnable Webmail and POP3 Buffer Overflow Vulnerabilities
  • SECTRACK ID: 1015797: MailEnable POP Authentication Bug Has Unspecified Impact
  • VUPEN/ADV-2006-1006: MailEnable POP Authentication and Webmail Component Vulnerabilities

Platforms Affected:

  • MailEnable MailEnable prior to 1.21 Enterprise
  • MailEnable MailEnable prior to 1.73 Professional
  • MailEnable MailEnable prior to 1.93 Standard
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2003 Server Web
  • Microsoft Windows 2003 Server Standard
  • Microsoft Windows 2003 Server Enterprise
  • Microsoft Windows NT 4.0 Server

Reported:

Mar 20, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page