List: full-disclosure
Subject: [Full-disclosure] Remote Buffer Overflow in Mailenable Enterprise
From: "muts" <muts () inter ! net ! il>
Date: 2005-12-19 20:45:21
Message-ID: 200512192045.CGF31844 () nitzan ! inter ! net ! il
See-Security Research and Development.
[-] Product Information
MailEnable's mail server software provides a powerful, scalable hosted
messaging platform for Microsoft Windows. MailEnable offers stability,
unsurpassed flexibility and an extensive feature set which allows you to
provide cost-effective mail services.
[-] Vulnerability Description
A remote buffer overflow exists in the IMAP EXAMINE command of MailEnable
Enterprise 1.1, which allows for post-authentication code execution.
This vulnerability affects MailEnable Enterprise 1.1 *without* the
ME-10009.EXE patch.
[-] Vendor Notification
Vendor Notified, patch released, no animals harmed.
[-] Exploit
PoC code can be found @:
http://www.hackingdefined.com/exploits/mailenable-imap-examine.py
http://www.hackingdefined.com/exploits/muts_mailenable_imap_examine.pm
[-] Credits
The vulnerability was discovered by Mati Aharoni.
Exploit coded by Mati Aharoni and Jacky Altal.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/