|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
A remote overflow exists in MailEnable's Messaging Services when logging is enable, which occurs by default. An attacker could send an HTTP get request of 4045 bytes or more, causing a heap-based buffer overflow. An attacker could use this to execute arbitrary code on the vulnerable system, or simply crash the application, causing a denial of service. When logging is not enabled, the HTTP request size must be at least 8500 bytes.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service,
Input Manipulation
Impact:
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a patch to address this vulnerability.
|
|
Products |
|
Messaging Services
 |
Professional Edition 1.5 |
Professional Edition 1.6 |
Professional Edition 1.7 |
|
|
|
|
|
|
Credit |
- Behrang Fouladi - behrang
 hat-squad.com - Hat-Squad Security Group
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
