CVE-2006-3216 - OpenCVE

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Clearswift	Mailsweeper For Exchange Mailsweeper For Smtp

Configuration 1 [-]

OR	cpe:2.3:a:clearswift:mailsweeper_for_exchange::::::::
	cpe:2.3:a:clearswift:mailsweeper_for_smtp::::::::

No data.

References

Link	Providers
http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm
http://secunia.com/advisories/20756
http://www.osvdb.org/26738
http://www.osvdb.org/26739
http://www.securityfocus.com/bid/18584
http://www.vupen.com/english/advisories/2006/2473
https://exchange.xforce.ibmcloud.com/vulnerabilities/27303
https://exchange.xforce.ibmcloud.com/vulnerabilities/27305

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-24T01:00:00

Updated: 2024-08-07T18:23:21.175Z

Reserved: 2006-06-23T00:00:00

Link: CVE-2006-3216

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-24T01:06:00.000

Modified: 2023-11-07T01:58:58.417

Link: CVE-2006-3216

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "mailsweeper-malformed-message-dos(27305)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}, {"name": "26739", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26739"}, {"name": "mailsweeper-reverse-dns-dos(27303)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm"}, {"name": "18584", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18584"}, {"name": "20756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20756"}, {"name": "26738", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26738"}, {"name": "ADV-2006-2473", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2473"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "mailsweeper-malformed-message-dos(27305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}, {"name": "26739", "refsource": "OSVDB", "url": "http://www.osvdb.org/26739"}, {"name": "mailsweeper-reverse-dns-dos(27303)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm", "refsource": "CONFIRM", "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm"}, {"name": "18584", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18584"}, {"name": "20756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20756"}, {"name": "26738", "refsource": "OSVDB", "url": "http://www.osvdb.org/26738"}, {"name": "ADV-2006-2473", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2473"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:23:21.175Z"}, "title": "CVE Program Container", "references": [{"name": "mailsweeper-malformed-message-dos(27305)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}, {"name": "26739", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26739"}, {"name": "mailsweeper-reverse-dns-dos(27303)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm"}, {"name": "18584", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18584"}, {"name": "20756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20756"}, {"name": "26738", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26738"}, {"name": "ADV-2006-2473", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2473"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3216", "datePublished": "2006-06-24T01:00:00", "dateReserved": "2006-06-23T00:00:00", "dateUpdated": "2024-08-07T18:23:21.175Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*", "matchCriteriaId": "87C646E9-A866-4747-9AE6-601199D4AC03", "versionEndIncluding": "4.3.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E3CA3AA-2DA8-4BA2-8FC9-1B5B66A4B21B", "versionEndIncluding": "4.3.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}, {"lang": "es", "value": "Clearswift MAILsweeper para SMTP anterior a v4.3.20 y MAILsweeper para Exchange anterior a v4.3.20 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de (1) caracteres \"no-ASCII\" en un resultado de b\u00fasqueda de DNS inversa desde una cabecera Received, que lleva a una parada del servicio Receiver, y (2) vectores sin especificar que tienen que ver con mensajes mal formados que provocan un \"comportamiento impredecible\" que impide al servicio Security procesar m\u00e1s mensajes"}], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nClearswift, MAILsweeper for SMTP, 4.3.20 \r\nClearswift, MAILsweeper for Exchange, 4.3.20", "id": "CVE-2006-3216", "lastModified": "2023-11-07T01:58:58.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-24T01:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20756"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26738"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26739"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18584"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2473"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}