CVE-2006-3216 - Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remo

CVE-2006-3216

Summary

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages. This vulnerability is addressed in the following product releases: Clearswift, MAILsweeper for SMTP, 4.3.20 Clearswift, MAILsweeper for Exchange, 4.3.20

References

Vulnerable Configurations

cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*
cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	18584
confirm	http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm
osvdb	26738 26739
secunia	20756
vupen	ADV-2006-2473
xf	mailsweeper-malformed-message-dos(27305) mailsweeper-reverse-dns-dos(27303)

Last major update

20-07-2017 - 01:32

Published

24-06-2006 - 01:06

Last modified

20-07-2017 - 01:32