SMTP: MailEnable Format String
This signature detects attempts to exploit a known vulnerability against MailEnale server. Attackers can send malicious format strings that can allow the remote execution of arbitrary code.
Extended Description
MailEnable is reported prone to a remote format string vulnerability. Reportedly this issue arises when the application handles malicious data passed through a malformed SMTP request. A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context the server. MailEnable 1.8 is reported vulnerable, however, it is possible that other versions are affected as well.
Affected Products
Mailenable mailenable
Short Name
SMTP:VULN:MAILENABLE-FS
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
CVE-2005-0804 Format MailEnable String bid:12833
Release Date
06/25/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Mailenable
CVSS Score
5.0