Message-ID: <19EB64BD78B38346A99498A89CF73AB3C48D2E@dalexmb03.exchange.acsad.acs-inc.com>
Date: Tue Dec 20 09:29:08 2005
From: Security-Advisories at acs-inc.com (Security Advisories)
Subject: [ACSSEC-2005-11-27-0x2] Remote Overflows in
	Mailenable Enterprise 1.1 / Professional 1.7




Re: See-Security Research and Development
"A remote buffer overflow exists in MailEnable Enterprise 1.1 IMAP EXAMINE
command, which allows for post authentication code execution. This
vulnerability affects Mailenable Enterprise 1.1 *without* the ME-10009.EXE
patch."

-- There's a reason why the ME-10009 patch was released. You're welcome!


-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-
ACS Security Assessment Advisory - Buffer Overflow

ID:       ACSSEC-2005-11-27 - 0x2

Class:    Buffer Overflow
Package:  MailEnable Enterprise Edition version 1.1 
	    MailEnable Professional version 1.7 
Build:    Windows NT/2k/XP/2k3
Reported: Dec 01, 2005
Released: Dec 21, 2005

Remote:   Yes
Severity: Medium

Credit:   Tim Shelton	        <security-advisories@...-inc.com>
-=[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]=-

-=[ Background

MailEnable's mail server software provides a powerful, scalable 
hosted messaging platform for Microsoft Windows. MailEnable 
offers stability, unsurpassed flexibility and an extensive 
feature set which allows you to provide cost-effective mail 
services.


-=[ Technical Description

Multiple vulnerabilities have been identified in MailEnable, 
which may be exploited by remote attackers to cause a denial 
of service, or could lead to remote execution of code. These 
issues are due to an error in the IMAP service, which does not 
properly handle specially crafted requests.


-=[ Proof of Concepts

IMAP REQUEST: '02 LIST /.:/' + Ax5000 
IMAP REQUEST: '02 LSUB' /.:/ ('A' x 5000)  request
IMAP REQUEST: '02 UID FETCH /.:/' AX5000  ' FLAGS'
IMAP REQUEST: '02 UID FETCH /...'x5 ' FLAGS'
IMAP REQUEST: '02 UID FETCH '/\'x5000 '

Several others exist and all have been reported to the vendor.

-=[ Solution

According to Peter Fregon of MailEnable Pty. Ltd., the issues in these
advisories have been patched in the latest ME-10009 patch.  Any further
questions should be directed to the vendor.
http://www.mailenable.com/hotfix/default.asp

-=[ Credits

Vulnerability originally reported by Tim Shelton

-=[ Similar References

http://www.frsirt.com/english/advisories/2005/2579
http://www.frsirt.com/english/advisories/2005/2484

-=[ ChangeLog

2005-11-27 : Original Advisory
2005-12-01 : Notified Vendor
2005-12-03 : Vendor Response
2005-12-21 : Full Disclosure




-=[ Vendor Response
-----------------------------------------------------------------
Sat 12/3/2005 1:41 AM

Hi,
Thanks for the information. We have posted a hotfix for this at the
following URL:
http://www.mailenable.com/hotfix
We will also be updating our installation kits with this hotfix shortly.
Thanks
Peter Fregon
MailEnable Pty. Ltd.
------
Friday, 2 December 2005 03:02
All - 
Below is an internal advisory notification for MailEnable Enterprise Edition
version 1.1 and possibly others. Attached is our Ethical Disclosure
Policy. If you have any further questions, please do not hesitate to
contact us.
Thanks, 
Tim Shelton 
ACS Security Assessment Engineering 
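
A defensive check for the request shapes listed under Proof of Concepts, added here as an example and not part of the original advisory or of MailEnable's code: it flags client IMAP lines whose LIST, LSUB, EXAMINE or UID FETCH arguments are oversized, highly repetitive, or announced as a large literal. The 255-octet limit, the repetition heuristic and the sample lines are assumptions.

```python
import re

# Commands named in the advisory whose arguments triggered the overflows.
WATCHED = {"LIST", "LSUB", "EXAMINE", "UID FETCH"}
MAX_ARG_LEN = 255                        # assumed site policy, not a MailEnable value
LITERAL = re.compile(r"\{(\d+)\+?\}$")   # IMAP literal announcement {n} or {n+}
REPEAT = re.compile(r"(.{1,4})\1{15,}")  # short token repeated 16 or more times


def inspect(line, max_len=MAX_ARG_LEN):
    """Return the reasons a client IMAP line looks oversized, or []."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2:
        return []
    command = parts[1].upper()
    args = parts[2] if len(parts) > 2 else ""
    if command == "UID" and args:
        # "UID FETCH ..." carries the real command as its first argument.
        sub, _, args = args.partition(" ")
        command = "UID " + sub.upper()
    if command not in WATCHED:
        return []
    reasons = []
    if len(args) > max_len:
        reasons.append("argument length %d exceeds %d" % (len(args), max_len))
    if REPEAT.search(args):
        reasons.append("long run of a repeated short token")
    literal = LITERAL.search(args)
    if literal and int(literal.group(1)) > max_len:
        # The oversized data would arrive after this line, so flag the size.
        reasons.append("literal announces %s octets" % literal.group(1))
    return reasons


def scan(lines):
    """Map command tag -> reasons for every flagged line."""
    hits = {}
    for line in lines:
        reasons = inspect(line)
        if reasons:
            hits[line.split(" ", 1)[0]] = reasons
    return hits


# Constructed sample lines (not captured traffic).
SAMPLES = ['02 LIST "" "INBOX"', "03 EXAMINE " + "A" * 5000,
           "04 UID FETCH 1:* FLAGS", '05 LSUB "" {6000}']

if __name__ == "__main__":
    for tag, why in scan(SAMPLES).items():
        print(tag, "->", "; ".join(why))
```
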
