Secunia Security Advisory - Two vulnerabilities have been reported in MailEnable, one has an unknown impact, the other can potentially be exploited by malicious people to cause a DoS (Denial of Service).
f3ef1309944070e362633d7cae2602e591597d3534d7354eb0e5218a8335f95c
TITLE:
MailEnable Webmail and Unspecified POP Vulnerabilities
SECUNIA ADVISORY ID:
SA19288
VERIFY ADVISORY:
http://secunia.com/advisories/19288/
CRITICAL:
Moderately critical
IMPACT:
Unknown, DoS
WHERE:
>From remote
SOFTWARE:
MailEnable Standard 1.x
http://secunia.com/product/3882/
MailEnable Professional 1.x
http://secunia.com/product/3474/
MailEnable Enterprise Edition 1.x
http://secunia.com/product/4325/
DESCRIPTION:
Two vulnerabilities have been reported in MailEnable, one has an
unknown impact, the other can potentially be exploited by malicious
people to cause a DoS (Denial of Service).
1) An unspecified error exists within the handling of POP
authentication. No further information is available.
2) An error exists within the webmail component when handling encoded
quoted-printable emails. This can potentially be exploited to consume
a large amount of CPU resources when a malformed quoted-printable
email is viewed.
The vulnerabilities have been reported in some or all of the
following products:
* MailEnable Standard Edition
* MailEnable Professional Edition
* MailEnable Enterprise Edition
SOLUTION:
Update to the fixed versions.
http://www.mailenable.com/download.asp
MailEnable Standard Edition:
Update to version 1.93
MailEnable Professional Edition:
Update to version 1.73
MailEnable Enterprise Edition:
Update to version 1.21
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.mailenable.com/standardhistory.asp
http://www.mailenable.com/professionalhistory.asp
http://www.mailenable.com/enterprisehistory.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------