PT-2006-5912 · Mailenable · Mailenable Professional+1

Published

2006-10-06

Updated

2017-07-20

CVE-2006-5177

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MailEnable Professional version 2.0 MailEnable Enterprise version 2.0

Description The issue concerns the NTLM authentication mechanism, which allows remote attackers to execute arbitrary code or cause a denial of service. This is achieved through crafted base64 encoded NTLM messages. Specifically, NTLM Type 3 messages can lead to arbitrary code execution, while NTLM Type 1 messages can cause a buffer over-read, resulting in a denial of service.

Recommendations For MailEnable Professional version 2.0, consider disabling NTLM authentication until a patch is available. For MailEnable Enterprise version 2.0, restrict access to NTLM authentication mechanisms to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2006-5177

Affected Products

Mailenable Enterprise

Mailenable Professional

PT-2006-5912 · Mailenable · Mailenable Professional+1

CVE-2006-5177

Weakness Enumeration

Related Identifiers

Affected Products

References · 9