Mailenable SMTP Service DoS

From: db0 <divisionbyzerodotbe@xxxxxxxxx>
Date: Sat, 24 Jun 2006 18:22:03 +0200

Mailenable is vulnerable due to an error in the handling of the "HELO"
command in the SMTP service.

Product: Mailenable SMTP Service, All versions
Vuln type: Denial of Service
Risk: moderated
Attack type: Remote
Tested on: Windows 2003
Vendor patch: http://www.mailenable.com/hotfix/default.asp: ME-10013

--
www.divisionbyzero.be

Prev by Date: GlobeTrotter Mobility Manager - security issue
Next by Date: RE: Bypassing of web filters by using ASCII
Previous by thread: GlobeTrotter Mobility Manager - security issue
Next by thread: Undisclosed cross site scripting vulnerabilities in domaintools.com - requesting contacts
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] Mailenable SMTP Service DoS
... command in the SMTP service. ... Mailenable SMTP Service, All versions ... Vuln type: Denial of Service ...
(Full-Disclosure)
Event ID: 7010
... The client at "217.169.125.103" sent a "xexch50" command, ... the emails remain in the outbound queue until NDR message. ... If I restart the SMTP service the mails leave the queue correctly. ...
(microsoft.public.exchange.admin)
IIS ESMTP
... I've installed IIS 6.0 on my XP professional SP2 and then installed ... By telnet on port 25 i've reached the SMTP service and obtained the ... I've used RCPT TO: command but after inserted the destination address ...
(microsoft.public.inetserver.iis.smtp_nntp)
Re: IIS ESMTP
... By telnet on port 25 i've reached the SMTP service and obtained the ... I've used RCPT TO: command but after inserted the destination address ... So I suppose that PIPELINING command doesn't work. ...
(microsoft.public.inetserver.iis.smtp_nntp)