Denial of Service Vulnerability in MailEnable SMTP Service
CVE-2006-3277

Currently unrated

Key Information:

Vendor

Mailenable

Status
Mailenable Professional
Mailenable Enterprise
Vendor
CVE Published:
28 June 2006

What is CVE-2006-3277?

The MailEnable SMTP service is vulnerable to a denial of service attack, allowing remote attackers to crash the application. This occurs when an attacker sends a HELO command containing a null byte in the argument, potentially leading to inconsistencies in length checks or a missing argument scenario. All versions of MailEnable Standard prior to 1.92, Professional prior to 2.0, and Enterprise prior to 2.0, are affected unless patched with the MESMTPC hotfix.

References

http://www.mailenable.com/hotfix/mesmtpc.zip
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/27387
vdb-entryx_refsource_XF
http://securitytracker.com/id?1016376
vdb-entryx_refsource_SECTRACK

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.