TITLE: MailEnable Webmail and Unspecified POP Vulnerabilities SECUNIA ADVISORY ID: SA19288 VERIFY ADVISORY: http://secunia.com/advisories/19288/ CRITICAL: Moderately critical IMPACT: Unknown, DoS WHERE: >From remote SOFTWARE: MailEnable Standard 1.x http://secunia.com/product/3882/ MailEnable Professional 1.x http://secunia.com/product/3474/ MailEnable Enterprise Edition 1.x http://secunia.com/product/4325/ DESCRIPTION: Two vulnerabilities have been reported in MailEnable, one has an unknown impact, the other can potentially be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error exists within the handling of POP authentication. No further information is available. 2) An error exists within the webmail component when handling encoded quoted-printable emails. This can potentially be exploited to consume a large amount of CPU resources when a malformed quoted-printable email is viewed. The vulnerabilities have been reported in some or all of the following products: * MailEnable Standard Edition * MailEnable Professional Edition * MailEnable Enterprise Edition SOLUTION: Update to the fixed versions. http://www.mailenable.com/download.asp MailEnable Standard Edition: Update to version 1.93 MailEnable Professional Edition: Update to version 1.73 MailEnable Enterprise Edition: Update to version 1.21 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.mailenable.com/standardhistory.asp http://www.mailenable.com/professionalhistory.asp http://www.mailenable.com/enterprisehistory.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------