Описание
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-2580
- http://secunia.com/advisories/41175
- http://secunia.com/secunia_research/2010-112
- http://www.mailenable.com/Enterprise-ReleaseNotes.txt
- http://www.mailenable.com/Professional-ReleaseNotes.txt
- http://www.mailenable.com/Standard-ReleaseNotes.txt
- http://www.mailenable.com/hotfix
- http://www.securityfocus.com/archive/1/513648/100/0/threaded
- http://www.securityfocus.com/bid/43182
- http://www.securitytracker.com/id?1024427
Связанные уязвимости
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."