MailEnable Remote Format String Vulnerability
BID:12833
Info
| Bugtraq ID: | 12833 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2005 12:00AM |
| Updated: | Mar 17 2005 12:00AM |
| Credit: | Discovery is credited to Mati Aharoni. |
| Vulnerable: | MailEnable MailEnable 1.8 |
| Not Vulnerable: | |
Discussion
MailEnable is reported prone to a remote format string vulnerability.
Reportedly this issue arises when the application handles malicious data passed through a malformed SMTP request.
A successful attack may crash the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the server.
MailEnable 1.8 is reported vulnerable; however, it is possible that other versions are affected as well.
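The advisory names the bug class (format string) and the vector (an SMTP request) but not the affected command or field, so screening has to be generic. The following is an added example, not part of the original advisory or the researcher's proof of concept: a Python heuristic that flags client SMTP command lines carrying printf-style conversion specifiers. The threshold, function names and sample session are assumptions constructed for illustration.

```python
import re

# One printf-style conversion: positional arg, flags, width, precision,
# length modifier, then the conversion character (captured).
SPEC = re.compile(r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
                  r"(?:hh|h|ll|l|L|j|z|t)?([diouxXeEfgGaAcspn])")

def score_smtp_line(line: str) -> dict:
    """Classify one client-to-server SMTP command line."""
    verb, _, arg = line.strip().partition(" ")
    convs = [m.group(1) for m in SPEC.finditer(arg)]
    # A single specifier is ambiguous: the legacy "percent hack" address
    # user%dept@relay parses as %d. Assumed rule: flag %n, or two or more.
    suspicious = "n" in convs or len(convs) >= 2
    return {"verb": verb.upper(), "specifiers": len(convs),
            "has_percent_n": "n" in convs, "suspicious": suspicious}

def scan(lines):
    """Return (line_number, verdict) for every suspicious command line."""
    hits = []
    for no, line in enumerate(lines, 1):
        verdict = score_smtp_line(line)
        if verdict["suspicious"]:
            hits.append((no, verdict))
    return hits

# Constructed sample session (not taken from the advisory or the PoC).
SAMPLE = [
    "EHLO client.example.org",
    "MAIL FROM:<alice%dept@relay.example.org>",  # percent hack, benign
    "MAIL FROM:<%08x.%08x.%08x@example.org>",     # run of conversions
    "RCPT TO:<bob@example.org>",
    "HELO %s%s%s%s",                              # run of conversions
    "RCPT TO:<x%n@example.org>",                  # contains %n
]

if __name__ == "__main__":
    for no, verdict in scan(SAMPLE):
        print(no, verdict)
```

Run against SMTP gateway or proxy logs, this surfaces candidates for review; it does not confirm that a given server is affected.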
Exploit / POC
The researcher responsible for reporting this issue has stated that a proof of concept exploit has been developed for this issue. The proof of concept may be obtained from the following location:
http://www.hackingdefined.com/exploits/mailenable.tar.gz
It should be noted that the integrity and availability of this proof of concept have not been verified by Symantec.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- MailEnable Homepage (MailEnable)
- Format string vulnerability in MailEnable 1.8