CVE-2010-2580 Information

Description

The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command or (2) domain name in the RCPT TO command which triggers an \unhandled invalid parameter error.\

Reference

http://secunia.com/advisories/41175 http://secunia.com/secunia_research/2010-112/ http://www.mailenable.com/Enterprise-ReleaseNotes.txt http://www.mailenable.com/hotfix/ http://www.mailenable.com/Professional-ReleaseNotes.txt http://www.mailenable.com/Standard-ReleaseNotes.txt http://www.securityfocus.com/archive/1/513648/100/0/threaded http://www.securityfocus.com/bid/43182 http://www.securitytracker.com/id?1024427