lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun Apr 24 19:30:16 2005
From: corryl at sitoverde.com (CorryL)
Subject: MailEnable HTTPS Buffer Overflow [x0n3-h4ck]

-=[--------------------ADVISORY-------------------]=-
-=[                                               ]=-
-=[     MailEnable Enterprise & Pro remote BoF    ]=-
-=[                                               ]=-
-=[  Author: CorryL           www.x0n3-h4ck.org   ]=-
-=[                                               ]=-
-=[-----------------------------------------------]=-


-=[+] Application:    MailEnable HTTPMail (MEHTTPS.EXE)
-=[+] Version:        (Enterprise <= 1.04)-(Professional <= 1.54)
-=[+] Vendor's URL:   http://www.mailenable.com/
-=[+] Platform:       Windows
-=[+] Bug type:       Buffer overflow
-=[+] Exploitation:   Remote/Local
-=[-]
-=[+] Author:         CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck


..::[ Descriprion ]::..

MailEnable's mail server software provides a powerful,
scalable hosted messaging platform for Microsoft Windows.
MailEnable offers stability, unsurpassed flexibility and
an extensive feature set which allows you to provide
cost-effective mail services.



..::[ Bug ]::..

This software affection from a buffer overflow on Header Field Definitions
"Authorization: ",
what it would allow to perform some arbitrary code inside the system victim


..::[ Proof Of Concept ]::..

GET / HTTP/1.0
Authorization: Ax270


..::[ Exploit ]::..

http://www.x0n3-h4ck.org/upload/x0n3-h4ck_mailenable_https.pl

..::[ Workaround ]::..

There is no workaround

..::[ Path or Fix ]::..

http://www.mailenable.com/hotfix


..::[ Disclousure Timeline ]::..

[21/04/2005] - Vendor notification
[22/04/2005] - Vendor Response
[22/04/2005] - Patch relase from vendor
[24/04/2005] - Public disclousure

CorryL
corryl80@...il.com
www.x0n3-h4ck.org
Italian Security Team
Fax (+39) 02700520894
Tel (+39) 06452215277
irc.xoned.net #x0n3-h4ck

_________________________________
www.seekstat.it is your web stat

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ