Short Name | DNS:MAILENABLE-SPF
Severity | Major
Recommended | No
Recommended Action | Drop
Category | DNS
Keywords | MailEnable SMTP Service SPF Lookup Buffer Overflow
Release Date | 2011/07/25
Update Number | 1960
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
DNS: MailEnable SMTP Service SPF Lookup Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the MailEnable SMTP service. The vulnerability is due to a flaw in the processing of overly large Sender Policy Framework (SPF) data returned in DNS TXT records. An unauthenticated remote attacker may leverage this vulnerability by sending crafted DNS responses to the target host, causing a denial-of-service condition. Arbitrary code execution with SYSTEM-level privileges is also potentially possible.
When code injection is not successful, the affected SMTP service terminates upon processing the malicious message. If the SMTP service is not configured to restart automatically, the service will be unavailable until the process is restarted manually. In a more sophisticated attack, where code injection is successful, the behaviour of the target depends entirely on the intended function of the injected code, which would execute within the security context of the SYSTEM account.
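The check below is an added example, not the logic of this signature: it parses a raw DNS response and reports SPF TXT answers whose reassembled text exceeds a size limit. The page does not state the size that triggers the flaw, so the 450-octet default is an assumption based on the size guidance in RFC 7208 section 3.4, and the `example.test` response is constructed sample data.

```python
import struct

SPF_MAX_OCTETS = 450  # assumption (RFC 7208 sec. 3.4 guidance), not the signature's threshold

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends here
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length

def oversized_spf_records(msg, limit=SPF_MAX_OCTETS):
    """Return the lengths of SPF TXT answers in a raw DNS response that exceed limit."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:             # QR bit clear: this is a query, not a response
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    hits = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        end = off + rdlen
        if end > len(msg):
            raise ValueError("RDLENGTH runs past end of message")
        if rtype == 16:                # TXT: RDATA is a run of <len><bytes> strings
            text, p = b"", off
            while p < end:
                n = msg[p]
                text += msg[p + 1:min(p + 1 + n, end)]  # never read past this record
                p += 1 + n
            if text.lower().startswith(b"v=spf1") and len(text) > limit:
                hits.append(len(text))
        off = end
    return hits

def build_response(txt):
    """Constructed sample: a one-answer TXT response for example.test."""
    chunks = [txt[i:i + 255] for i in range(0, len(txt), 255)]
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 16, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answer
```

Run against resolver-side packet captures or DNS logs that retain raw responses, this flags SPF answers worth reviewing before they reach a mail server in the affected version range.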
Extended Description
MailEnable is prone to a remote denial-of-service vulnerability.
This issue allows remote attackers to crash the application, denying further service to legitimate users.
Affected Products
- Mailenable mailenable 1.5015.0
- Mailenable mailenable 1.5016.0
- Mailenable mailenable 1.5017.0
- Mailenable mailenable 1.5018.0
- Mailenable mailenable 1.610.0
- Mailenable mailenable 1.701.0
- Mailenable mailenable 1.702.0
- Mailenable mailenable 1.703.0
- Mailenable mailenable 1.704.0
- Mailenable mailenable 1.71.0
- Mailenable mailenable 1.72.0
- Mailenable mailenable 1.8.0
- Mailenable mailenable 1.9.0
- Mailenable mailenable 1.91
- Mailenable mailenable 1.92
- Mailenable mailenable 1.93
- Mailenable mailenable 1.96
- Mailenable mailenable_enterprise_edition 1.0.0
- Mailenable mailenable_enterprise_edition 1.0.0 1
- Mailenable mailenable_enterprise_edition 1.0.0 2
- Mailenable mailenable_enterprise_edition 1.0.0 3
- Mailenable mailenable_enterprise_edition 1.0.0 4
- Mailenable mailenable_enterprise_edition 1.1.0
- Mailenable mailenable_enterprise_edition 1.2
- Mailenable mailenable_enterprise_edition 1.21
- Mailenable mailenable_enterprise_edition 2.0
- Mailenable mailenable_enterprise_edition 2.1
- Mailenable mailenable_enterprise_edition 2.2
- Mailenable mailenable_professional 1.0.0 004
- Mailenable mailenable_professional 1.0.0 005
- Mailenable mailenable_professional 1.0.0 006
- Mailenable mailenable_professional 1.0.0 007
- Mailenable mailenable_professional 1.0.0 008
- Mailenable mailenable_professional 1.0.0 009
- Mailenable mailenable_professional 1.0.0 010
- Mailenable mailenable_professional 1.0.0 011
- Mailenable mailenable_professional 1.0.0 012
- Mailenable mailenable_professional 1.0.0 013
- Mailenable mailenable_professional 1.0.0 014
- Mailenable mailenable_professional 1.0.0 015
- Mailenable mailenable_professional 1.0.0 016
- Mailenable mailenable_professional 1.0.0 017
- Mailenable mailenable_professional 1.1.0
- Mailenable mailenable_professional 1.101.0
- Mailenable mailenable_professional 1.102.0
- Mailenable mailenable_professional 1.103.0
- Mailenable mailenable_professional 1.104.0
- Mailenable mailenable_professional 1.105.0
- Mailenable mailenable_professional 1.106.0
- Mailenable mailenable_professional 1.107.0
- Mailenable mailenable_professional 1.108.0
- Mailenable mailenable_professional 1.109.0
- Mailenable mailenable_professional 1.110.0
- Mailenable mailenable_professional 1.111.0
- Mailenable mailenable_professional 1.112.0
- Mailenable mailenable_professional 1.113.0
- Mailenable mailenable_professional 1.114.0
- Mailenable mailenable_professional 1.115.0
- Mailenable mailenable_professional 1.116.0
- Mailenable mailenable_professional 1.12.0
- Mailenable mailenable_professional 1.13.0
- Mailenable mailenable_professional 1.14.0
- Mailenable mailenable_professional 1.15.0
- Mailenable mailenable_professional 1.16.0
- Mailenable mailenable_professional 1.17.0
- Mailenable mailenable_professional 1.18.0
- Mailenable mailenable_professional 1.19.0
- Mailenable mailenable_professional 1.2.0
- Mailenable mailenable_professional 1.2.0 A
- Mailenable mailenable_professional 1.5.0
- Mailenable mailenable_professional 1.51.0
- Mailenable mailenable_professional 1.52.0
- Mailenable mailenable_professional 1.53.0
- Mailenable mailenable_professional 1.54.0
- Mailenable mailenable_professional 1.6.0
- Mailenable mailenable_professional 1.7.0
- Mailenable mailenable_professional 1.72
- Mailenable mailenable_professional 1.73
- Mailenable mailenable_professional 2.0
- Mailenable mailenable_professional 2.1
- Mailenable mailenable_professional 2.2
References