RSS: ME-10040 MailEnable Security Bulletin


This announcement advises that a hotfix is available for the recent Secunia advisories SA29277 and SA29300. The hotfix is for all versions of MailEnable older than 13th March 2008 (details below). This hotfix includes hotfix ME-10039 for convenience.
 
Fixes:

+ Denial of Service SMTP crash with the EXPN/VRFY commands

+ Denial of Service IMAP crash, and possible overflow vulnerability from authenticated users (Professional and Enterprise versions)

Versions affected:

Standard version before 1.986
Professional version before 3.14
Enterprise version before 3.14

If you are running older versions of MailEnable, then this hotfix also applies to the following versions:
Professional version before 1.87
Enterprise version before 1.44
Professional version before 2.52
Enterprise version before 2.52

Instructions:

Download and run the hotfix here: http://www.mailenable.com/hotfix/ME-10040.exe

 


Product: MailEnable
Version: All Versions
Revision Date: Thu, 13 Mar 2008 16:45:42 +1100