OSVDB ID: 15913

Title: MailEnable HTTPS Authorization: Field Remote Overflow

Dates

Disclosure: Apr 24, 2005
Discovery: Apr 21, 2005
Exploit: Apr 24, 2005
Solution: Unknown

Description

A remote overflow exists in MailEnable HTTPS Authorization. MailEnable fails to perform proper bounds checking when processing the 'Authorization' HTTP header line, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a patch to address this vulnerability.

Products

MailEnable Pty. Ltd.

MailEnable Enterprise Edition

1.04
1.03
1.02
1.01
1.00

MailEnable Professional Edition

1.54
1.53
1.52
1.51
1.5
1.5g
1.5e
1.5d
1.5c
1.5b
1.5a
1.2a
1.2
1.1x

References

Credit

  • Corry L.


Direct URL: http://osvdb.org/36218