Vulnerability Description
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable Enterprise | <= 1.00 |
| Mailenable | Mailenable Professional | 1.0.004 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20790Vendor Advisory
- http://securitytracker.com/id?1016376
- http://www.divisionbyzero.be/?p=173Patch
- http://www.divisionbyzero.be/?p=174
- http://www.mailenable.com/hotfix/mesmtpc.zipPatch
- http://www.osvdb.org/26791
- http://www.securityfocus.com/archive/1/438374/100/0/threaded
- http://www.securityfocus.com/bid/18630
- http://www.vupen.com/english/advisories/2006/2520Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27387
- http://secunia.com/advisories/20790Vendor Advisory
- http://securitytracker.com/id?1016376
- http://www.divisionbyzero.be/?p=173Patch
- http://www.divisionbyzero.be/?p=174
- http://www.mailenable.com/hotfix/mesmtpc.zipPatch
FAQ
What is CVE-2006-3277?
CVE-2006-3277 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (...
How severe is CVE-2006-3277?
CVE-2006-3277 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3277?
Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable Enterprise, Mailenable Mailenable Professional.