Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [MU-200609-01] Multiple Pre-Authentication Vulnerabili

from [noreply] Network Security [Permanent Link]
Subject: [Full-disclosure] [MU-200609-01] Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP
Date: Fri, 29 Sep 2006 21:59:08 +0100 (BST) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP [MU-200609-01]
September 29, 2006

http://labs.musecurity.com/advisories.html

Affected Product/Versions:

MailEnable Professional 2.0
MailEnable Enterprise 2.0

Product Overview:

"MailEnable's mail server software provides a powerful, scalable
hosted messaging platform for Microsoft Windows. MailEnable offers
stability, unsurpassed flexibility and an extensive feature set which
allows you to provide cost-effective mail services."

Vulnerability Details:

All three pre-authentication vulnerabilities are in the SMTP connector during
the NTLM authentication process, two of which can lead to arbitrary code
execution on the server. NTLM authentication is disabled by default, but can
be turned on by the administrator using the Messaging Manager. NTLM
authentication is unavailable in the Standard versions of MailEnable.

The first vulnerability is a buffer overflow while processing the signature
field of NTLM Type1 messages, leading to arbitrary code execution.

The second vulnerability is an out of bounds read while processing security
buffers in the base64 encoded NTLM Type1 message, leading to a denial of
service.

The third vulnerability is an out of bounds read during base64 decoding of
Type3 messages, leading to arbitrary code execution.

Vendor Response / Solution:

All users of MailEnable are recommended to immediately apply the hotfixes
available from the following URL:
http://www.mailenable.com/hotfix/MESMTP-060930.zip

All hotfixes are available from:
http://www.mailenable.com/hotfix

Mu Security would like to thank the MailEnable team for timely remediation of
these vulnerabilities.

History:

09/25/06 - First contact with the vendor
09/27/06 - Hotfix available for the vulnerabilities
09/29/06 - Advisory released

Credit:

These vulnerabilities were discovered by the Mu Security research team.

http://labs.musecurity.com/pgpkkey.txt

Mu Security offers a new class of security analysis system, delivering a
rigorous and streamlined methodology for verifying the robustness and security
readiness of any IP-based product or application. Founded by the pioneers of
intrusion detection and prevention technology, Mu Security is backed by
preeminent venture capital firms that include Accel Partners, Benchmark
Capital and DAG Ventures. The company is headquartered in Sunnyvale, CA. For
more information, visit the company's website at http://www.musecurity.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)

iD8DBQFFHYNxMl+docYeP+YRAuTOAJ9lMgKyRqpKFcd2M/16KRbGKYP7hQCgkh8t
sXxOWSX8VLlncvT8zvw3kvo=
=j0nl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [MU-200609-01] Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP, noreply <=
Previous by Date:  Re: [Full-disclosure] [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Chris Hofmann
Next by Date:  [Full-disclosure] setSlice exploited in the wild - massively, Gadi Evron
Previous by Thread:  [Full-disclosure] [SECURITY] [DSA 1186-1] New cscope packages fix arbitrary code execution, Moritz Muehlenhoff
Next by Thread:  [Full-disclosure] setSlice exploited in the wild - massively, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]