Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-3277

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.

Published

2006-06-28T22:05:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mailenable	mailenable_enterprise	≤ 1.00	Yes
Application	mailenable	mailenable_enterprise	≤ 1.01	Yes
Application	mailenable	mailenable_enterprise	≤ 1.1	Yes
Application	mailenable	mailenable_enterprise	≤ 1.2	Yes
Application	mailenable	mailenable_enterprise	≤ 1.02	Yes
Application	mailenable	mailenable_enterprise	≤ 1.03	Yes
Application	mailenable	mailenable_enterprise	≤ 1.04	Yes
Application	mailenable	mailenable_enterprise	≤ 1.21	Yes
Application	mailenable	mailenable_professional	1.0.004	Yes
Application	mailenable	mailenable_professional	1.0.005	Yes
Application	mailenable	mailenable_professional	1.0.006	Yes
Application	mailenable	mailenable_professional	1.0.007	Yes
Application	mailenable	mailenable_professional	1.0.008	Yes
Application	mailenable	mailenable_professional	1.0.009	Yes
Application	mailenable	mailenable_professional	1.0.010	Yes
Application	mailenable	mailenable_professional	1.0.011	Yes
Application	mailenable	mailenable_professional	1.0.012	Yes
Application	mailenable	mailenable_professional	1.0.013	Yes
Application	mailenable	mailenable_professional	1.0.014	Yes
Application	mailenable	mailenable_professional	1.0.015	Yes
Application	mailenable	mailenable_professional	1.0.016	Yes
Application	mailenable	mailenable_professional	1.0.017	Yes
Application	mailenable	mailenable_professional	1.1	Yes
Application	mailenable	mailenable_professional	1.2	Yes
Application	mailenable	mailenable_professional	1.2a	Yes
Application	mailenable	mailenable_professional	1.5	Yes
Application	mailenable	mailenable_professional	1.6	Yes
Application	mailenable	mailenable_professional	1.7	Yes
Application	mailenable	mailenable_professional	1.8	Yes
Application	mailenable	mailenable_professional	1.9	Yes
Application	mailenable	mailenable_professional	1.12	Yes
Application	mailenable	mailenable_professional	1.13	Yes
Application	mailenable	mailenable_professional	1.14	Yes
Application	mailenable	mailenable_professional	1.15	Yes
Application	mailenable	mailenable_professional	1.16	Yes
Application	mailenable	mailenable_professional	1.17	Yes
Application	mailenable	mailenable_professional	1.18	Yes
Application	mailenable	mailenable_professional	1.19	Yes
Application	mailenable	mailenable_professional	1.51	Yes
Application	mailenable	mailenable_professional	1.52	Yes
Application	mailenable	mailenable_professional	1.53	Yes
Application	mailenable	mailenable_professional	1.54	Yes
Application	mailenable	mailenable_professional	1.71	Yes
Application	mailenable	mailenable_professional	1.72	Yes
Application	mailenable	mailenable_professional	1.73	Yes
Application	mailenable	mailenable_professional	1.91	Yes
Application	mailenable	mailenable_professional	1.92	Yes
Application	mailenable	mailenable_professional	1.93	Yes
Application	mailenable	mailenable_professional	1.101	Yes
Application	mailenable	mailenable_professional	1.102	Yes
Application	mailenable	mailenable_professional	1.103	Yes
Application	mailenable	mailenable_professional	1.104	Yes
Application	mailenable	mailenable_professional	1.105	Yes
Application	mailenable	mailenable_professional	1.106	Yes
Application	mailenable	mailenable_professional	1.107	Yes
Application	mailenable	mailenable_professional	1.108	Yes
Application	mailenable	mailenable_professional	1.109	Yes
Application	mailenable	mailenable_professional	1.110	Yes
Application	mailenable	mailenable_professional	1.111	Yes
Application	mailenable	mailenable_professional	1.112	Yes
Application	mailenable	mailenable_professional	1.113	Yes
Application	mailenable	mailenable_professional	1.114	Yes
Application	mailenable	mailenable_professional	1.115	Yes
Application	mailenable	mailenable_professional	1.116	Yes
Application	mailenable	mailenable_professional	1.610	Yes
Application	mailenable	mailenable_professional	1.701	Yes
Application	mailenable	mailenable_professional	1.702	Yes
Application	mailenable	mailenable_professional	1.703	Yes
Application	mailenable	mailenable_professional	1.704	Yes
Application	mailenable	mailenable_professional	1.5015	Yes
Application	mailenable	mailenable_professional	1.5016	Yes
Application	mailenable	mailenable_professional	1.5017	Yes
Application	mailenable	mailenable_professional	1.5018	Yes

References

http://secunia.com/advisories/20790 Vendor Advisory ([email protected])
http://securitytracker.com/id?1016376 ([email protected])
http://www.divisionbyzero.be/?p=173 Patch ([email protected])
http://www.divisionbyzero.be/?p=174 ([email protected])
http://www.mailenable.com/hotfix/mesmtpc.zip Patch ([email protected])
http://www.osvdb.org/26791 ([email protected])
http://www.securityfocus.com/archive/1/438374/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/18630 ([email protected])
http://www.vupen.com/english/advisories/2006/2520 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/27387 ([email protected])
http://secunia.com/advisories/20790 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016376 (af854a3a-2127-422b-91ae-364da2661108)
http://www.divisionbyzero.be/?p=173 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.divisionbyzero.be/?p=174 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mailenable.com/hotfix/mesmtpc.zip Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/26791 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438374/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/18630 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2520 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27387 (af854a3a-2127-422b-91ae-364da2661108)