[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Remote Buffer Overflow in Mailenable Enterprise 1.1

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Remote Buffer Overflow in Mailenable Enterprise 1.1
From: "muts" <muts@xxxxxxxxxxxx>
Date: Mon, 19 Dec 2005 22:45:21 +0200

See-Security Research and Development.

[-] Product Information

MailEnable's mail server software provides a powerful, scalable hosted
messaging platform for Microsoft Windows. MailEnable offers stability,
unsurpassed flexibility and an extensive feature set which allows you to
provide cost-effective mail services.

[-] Vulnerability Description
A remote buffer overflow exists in MailEnable Enterprise 1.1 IMAP EXAMINE
command, which allows for post authentication code execution.
This vulnerability affects Mailenable Enterprise 1.1 *without* the
ME-10009.EXE patch.

[-] Vendor Notification
Vendor Notified, patch released, no animals harmed.

[-] Exploit
PoC code can be found @:
http://www.hackingdefined.com/exploits/mailenable-imap-examine.py
http://www.hackingdefined.com/exploits/muts_mailenable_imap_examine.pm


[-] Credits
The vulnerability was discovered by Mati Aharoni.
Exploit coded by Mati Aharoni and Jacky Altal.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.sfuture under George Bush.
Next by Date: Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd)
Previous by thread: Re: [Full-disclosure] .An uncontrolled fiscal crisis.. America.sfuture under George Bush.
Next by thread: [Full-disclosure] MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM
Index(es):
- Date
- Thread