Full Disclosure mailing list archives
Remote Buffer Overflow in MailEnable Enterprise 1.1
From: "muts" <muts () inter net il>
Date: Mon, 19 Dec 2005 22:45:21 +0200
See-Security Research and Development.

[-] Product Information

MailEnable's mail server software provides a powerful, scalable hosted messaging platform for Microsoft Windows. MailEnable offers stability, unsurpassed flexibility and an extensive feature set which allows you to provide cost-effective mail services.

[-] Vulnerability Description

A remote buffer overflow exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command, which allows for post-authentication code execution. This vulnerability affects MailEnable Enterprise 1.1 *without* the ME-10009.EXE patch.

[-] Vendor Notification

Vendor Notified, patch released, no animals harmed.

[-] Exploit

PoC code can be found @:
http://www.hackingdefined.com/exploits/mailenable-imap-examine.py
http://www.hackingdefined.com/exploits/muts_mailenable_imap_examine.pm

[-] Credits

The vulnerability was discovered by Mati Aharoni.
Exploit coded by Mati Aharoni and Jacky Altal.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
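
For defenders who cannot apply ME-10009.EXE immediately, the following is an added detection example, not code from the advisory or its authors. It scans the client-to-server lines of an IMAP session for EXAMINE commands issued after login whose mailbox argument is unusually long. The 255-byte limit, the function names and the sample session are assumptions; the advisory does not state a trigger length.

```python
import re

# Assumed limit: the advisory gives no length, so this value is a tuning choice.
MAX_MAILBOX_LEN = 255

CMD_RE = re.compile(rb'^(\S+) (\S+)(?: (.*))?$')   # tag SP command [SP arguments]
LITERAL_RE = re.compile(rb'^\{(\d+)\+?\}$')        # IMAP literal announcement {N}

def mailbox_length(arg):
    """Return the declared (literal) or actual length of a mailbox argument."""
    m = LITERAL_RE.match(arg)
    if m:                                   # {N}: N bytes follow on the next line
        return int(m.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        return len(arg) - 2                 # quoted string, quotes not counted
    return len(arg)                         # bare atom

def scan_session(lines, limit=MAX_MAILBOX_LEN):
    """Return [(line_no, tag, length)] for oversized EXAMINE arguments after login."""
    findings = []
    authenticated = False
    for no, raw in enumerate(lines, 1):
        m = CMD_RE.match(raw.rstrip(b'\r\n'))
        if not m:
            continue
        tag, cmd, args = m.group(1), m.group(2).upper(), m.group(3) or b''
        if cmd in (b'LOGIN', b'AUTHENTICATE'):
            # Client-side view only: assumes the server accepted the login.
            authenticated = True
        elif cmd == b'EXAMINE' and authenticated:
            n = mailbox_length(args)
            if n > limit:
                findings.append((no, tag.decode('ascii', 'replace'), n))
    return findings

# Constructed sample session (client lines only), not captured traffic.
SAMPLE = [
    b'a001 LOGIN user pass\r\n',
    b'a002 EXAMINE INBOX\r\n',
    b'a003 EXAMINE "' + b'x' * 600 + b'"\r\n',
    b'a004 examine {4096}\r\n',
    b'a005 LOGOUT\r\n',
]

if __name__ == '__main__':
    for line_no, tag, length in scan_session(SAMPLE):
        print(f'line {line_no}: tag {tag} EXAMINE argument of {length} bytes')
```
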