[Full-disclosure] Mailenable SMTP Service DoS

From: db0 <divisionbyzerodotbe@xxxxxxxxx>
Date: Sat, 24 Jun 2006 20:58:48 +0200

Mailenable is vulnerable due to an error in the handling of the "HELO"
command in the SMTP service.

Product: Mailenable SMTP Service, All versions
Vuln type: Denial of Service
Risk: moderated
Attack type: Remote
Tested on: Windows 2003
Vendor patch: http://www.mailenable.com/hotfix/default.asp: ME-10013

--
www.divisionbyzero.be

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities
Next by Date: Re: [Full-disclosure] Amazon, MSN vulns and.. Yes, we know! Mostsites have vulnerabilities
Previous by thread: Re: [Full-disclosure] Mr. Kletneiks
Next by thread: [Full-disclosure] Beginners guide to owning Yahoo network
Index(es):
- Date
- Thread

Relevant Pages

Mailenable SMTP Service DoS
... command in the SMTP service. ... Mailenable SMTP Service, All versions ... Vuln type: Denial of Service ...
(Bugtraq)
Event ID: 7010
... The client at "217.169.125.103" sent a "xexch50" command, ... the emails remain in the outbound queue until NDR message. ... If I restart the SMTP service the mails leave the queue correctly. ...
(microsoft.public.exchange.admin)
IIS ESMTP
... I've installed IIS 6.0 on my XP professional SP2 and then installed ... By telnet on port 25 i've reached the SMTP service and obtained the ... I've used RCPT TO: command but after inserted the destination address ...
(microsoft.public.inetserver.iis.smtp_nntp)
Re: IIS ESMTP
... By telnet on port 25 i've reached the SMTP service and obtained the ... I've used RCPT TO: command but after inserted the destination address ... So I suppose that PIPELINING command doesn't work. ...
(microsoft.public.inetserver.iis.smtp_nntp)