DNS: MailEnable SMTP Service SPF Lookup Buffer Overflow
This signature detects attempts to exploit a known vulnerability against MailEnable SMTP. The vulnerability is due to a flaw when processing overly large Sender Policy Framework (SPF) data returned in DNS TXT records. An unauthenticated remote attacker may leverage this vulnerability by sending crafted DNS responses to the target host, causing a denial of service condition. It is also potentially possible to execute arbitrary code with SYSTEM level privileges. In an attack case where code injection is not successful, the affected SMTP service will terminate upon processing of the malicious message. If the SMTP service is not configured to restart automatically, the services will be unavailable until the process is restarted manually. In a more sophisticated attack, where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the SYSTEM account.
Extended Description
MailEnable is prone to a remote denial-of-service vulnerability. This issue allows remote attackers to crash the application, denying further service to legitimate users.
Affected Products
Mailenable mailenable_professional
Short Name
DNS:MAILENABLE-SPF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
Buffer CVE-2006-4616 Lookup MailEnable Overflow SMTP SPF Service bid:20091
Release Date
07/25/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mailenable
CVSS Score
5.0