Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
BID:12137
Info
Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
| Bugtraq ID: | 12137 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 31 2004 12:00AM |
| Updated: | Dec 31 2004 12:00AM |
| Credit: | Discovery is credited to Dennis Rand. |
| Vulnerable: |
Macallan Mail Solution Macallan Mail Solution 4.0.6 .8 (Build 768) |
| Not Vulnerable: |
Macallan Mail Solution Macallan Mail Solution 4.1.1 .0 |
Discussion
Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
Macallan Mail Solution is prone to a remotely exploitable buffer overflow vulnerability. This issue is exposed when the Web interface is sent an overly long HTTP GET request.
This issue was reported to result in denial of service, however, code execution is likely since it appears that an attacker can influence the value of the saved instruction pointer and therefore control execution flow of the program.
Macallan Mail Solution is prone to a remotely exploitable buffer overflow vulnerability. This issue is exposed when the Web interface is sent an overly long HTTP GET request.
This issue was reported to result in denial of service, however, code execution is likely since it appears that an attacker can influence the value of the saved instruction pointer and therefore control execution flow of the program.
Exploit / POC
Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
Solution:
This issue is reportedly addressed in Macallan Mail Solution 4.1.1.0. Symantec has not confirmed this information.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
This issue is reportedly addressed in Macallan Mail Solution 4.1.1.0. Symantec has not confirmed this information.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Macallan Mail Solution HTTP GET Request Buffer Overflow Vulnerability
References:
References:
- Macallan Mail Solution 4.0.6.8 (Build 786) multiple vulnerabilities (Dennis Rand)
- Macallan Mail Solution Homepage (Macallan Mail Solution)