PT-2010-4125 · Mailenable · Mailenable

Soroush Dalili · Published 2010-09-15 · Updated 2018-10-10 · CVE-2010-2580

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

MailEnable versions 3.x through 4.25

Description

The SMTP service in MailEnable fails to properly check the length of certain parameters. Remote attackers can exploit this to cause a denial of service in which the service crashes. The attack is carried out by sending a long email address in the MAIL FROM command or a long domain name in the RCPT TO command, which triggers an unhandled invalid parameter error.

Recommendations

For MailEnable versions 3.x through 4.25, consider restricting access to the SMTP service until a fix is available. As a temporary workaround, limit the length of the email addresses and domain names accepted in the MAIL FROM and RCPT TO commands to prevent the denial of service.
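The length-limiting workaround, as an added example that is not part of the original advisory or of MailEnable: a check that a filtering SMTP proxy placed in front of the server could run on each raw command line. The function name `check_command` and the reply texts are assumptions; the size limits are those of RFC 5321 section 4.5.3.1.

```python
import re

# RFC 5321 section 4.5.3.1 size limits, in octets
MAX_LINE = 512     # whole command line, including CRLF
MAX_PATH = 256     # reverse-path / forward-path, including "<" and ">"
MAX_LOCAL = 64     # local-part (left of the last "@")
MAX_DOMAIN = 255   # domain (right of the last "@")

# Captures the bracketed path of a MAIL FROM / RCPT TO command.
_PATH = re.compile(rb"^(?:MAIL FROM|RCPT TO):\s*(<[^<>\r\n]*>)", re.IGNORECASE)


def check_command(line: bytes):
    """Return (ok, reply) for one raw SMTP command line.

    Hypothetical hook for a filtering proxy: when ok is False the proxy
    sends `reply` to the client and never forwards the line to the server.
    """
    if len(line) > MAX_LINE:
        return False, "500 Line too long"

    if not line[:10].upper().startswith((b"MAIL FROM:", b"RCPT TO:")):
        return True, ""  # other commands are only bounded by MAX_LINE

    m = _PATH.match(line)
    if m is None:
        # Path-carrying command without a well-formed <...> argument.
        return False, "501 Malformed path"

    path = m.group(1)
    addr = path[1:-1]
    if addr == b"":
        return True, ""  # null reverse-path "<>" used for bounces

    local, sep, domain = addr.rpartition(b"@")
    if not sep:
        local, domain = addr, b""  # e.g. RCPT TO:<postmaster>

    if len(local) > MAX_LOCAL:
        return False, "501 Local-part too long"
    if len(domain) > MAX_DOMAIN:
        return False, "501 Domain too long"
    if len(path) > MAX_PATH:
        return False, "501 Path too long"
    return True, ""
```

Rejecting at the proxy keeps oversized parameters away from the vulnerable parser while legitimate mail, including bounces with a null reverse-path, passes unchanged.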

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-2580

Affected Products

Mailenable