Vulnerability Details : CVE-2006-3277
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
Vulnerability category: Denial of service
Products affected by CVE-2006-3277
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5018:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.701:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.702:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5016:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5017:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.610:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.703:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.704:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mailenable:mailenable_professional:1.5015:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3277
5.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2006-3277
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3277
-
http://www.mailenable.com/hotfix/mesmtpc.zip
Patch
-
http://www.securityfocus.com/bid/18630
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27387
-
http://securitytracker.com/id?1016376
-
http://www.vupen.com/english/advisories/2006/2520
Vendor Advisory
-
http://www.securityfocus.com/archive/1/438374/100/0/threaded
-
http://www.divisionbyzero.be/?p=173
Patch
-
http://www.divisionbyzero.be/?p=174
Jump to