Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] MailEnable HTTPS Buffer Overflow [x0n3-h4ck]

from [CorryL] Network Security [Permanent Link]
Subject: [Full-disclosure] MailEnable HTTPS Buffer Overflow [x0n3-h4ck]
Date: Sun, 24 Apr 2005 20:26:25 +0200 
-=[--------------------ADVISORY-------------------]=-
-=[                                               ]=-
-=[     MailEnable Enterprise & Pro remote BoF    ]=-
-=[                                               ]=-
-=[  Author: CorryL           www.x0n3-h4ck.org   ]=-
-=[                                               ]=-
-=[-----------------------------------------------]=-


-=[+] Application:    MailEnable HTTPMail (MEHTTPS.EXE)
-=[+] Version:        (Enterprise <= 1.04)-(Professional <= 1.54)
-=[+] Vendor's URL:   http://www.mailenable.com/
-=[+] Platform:       Windows
-=[+] Bug type:       Buffer overflow
-=[+] Exploitation:   Remote/Local
-=[-]
-=[+] Author:         CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck


..::[ Descriprion ]::..

MailEnable's mail server software provides a powerful,
scalable hosted messaging platform for Microsoft Windows.
MailEnable offers stability, unsurpassed flexibility and
an extensive feature set which allows you to provide
cost-effective mail services.



..::[ Bug ]::..

This software affection from a buffer overflow on Header Field Definitions
"Authorization: ",
what it would allow to perform some arbitrary code inside the system victim


..::[ Proof Of Concept ]::..

GET / HTTP/1.0
Authorization: Ax270


..::[ Exploit ]::..

http://www.x0n3-h4ck.org/upload/x0n3-h4ck_mailenable_https.pl

..::[ Workaround ]::..

There is no workaround

..::[ Path or Fix ]::..

http://www.mailenable.com/hotfix


..::[ Disclousure Timeline ]::..

[21/04/2005] - Vendor notification
[22/04/2005] - Vendor Response
[22/04/2005] - Patch relase from vendor
[24/04/2005] - Public disclousure

CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
Italian Security Team
Fax (+39) 02700520894
Tel (+39) 06452215277
irc.xoned.net #x0n3-h4ck

_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] MailEnable HTTPS Buffer Overflow [x0n3-h4ck], CorryL <=
Previous by Date:  [Full-disclosure] hushmail redirected, Siegfried
Next by Date:  Re: [Full-disclosure] bitchx exploit, Pablo Escobar
Previous by Thread:  [Full-disclosure] hushmail redirected, Siegfried
Next by Thread:  [Full-disclosure] Some Web-programmer flaw 'may' result in code execution in server side!, Bipin Gautam
Indexes:  [Date] [Thread] [Top] [All Lists]