Info

Disclosure

May 11, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in MailEnable's Messaging Services when logging is enable, which occurs by default. An attacker could send an HTTP get request of 4045 bytes or more, causing a heap-based buffer overflow. An attacker could use this to execute arbitrary code on the vulnerable system, or simply crash the application, causing a denial of service. When logging is not enabled, the HTTP request size must be at least 8500 bytes.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a patch to address this vulnerability.

Products

MailEnable Pty. Ltd.	Messaging Services	Professional Edition 1.5
		Professional Edition 1.6
		Professional Edition 1.7

References

Security Tracker: 1010107
Bugtraq ID: 10312
Secunia Advisory ID: 11588
ISS X-Force ID: 16114 16115
CVE ID: 2004-2727 (see also: NVD)
Related OSVDB ID: 6037
FrSIRT Advisory: ADV-2005-0383
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0159.html
Other Advisory URL: http://www.hat-squad.com/en/000071.html
http://www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
Vendor URL: http://www.mailenable.com
Vendor Specific Solution URL: http://www.mailenable.com/hotfix

Credit

Behrang Fouladi - behranghat-squad.com - Hat-Squad Security Group

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

MailEnable Pty. Ltd.

Messaging Services

References

Credit