Thanks for the email. This error was not an overflow issue but a bug in the
service (i.e. the error would cause the service to stop, but could the
exploiter could not exploit this further or run code on the server).
A fix for the bug can be found at:
http://www.mailenable.com/hotfix
Thanks
Peter Fregon
MailEnable Pty. Ltd.
-----Original Message-----
From: Oliver (at) greyhat (dot) de [email concealed] [mailto:Oliver (at) greyhat (dot) de [email concealed]]
Sent: Saturday, 15 May 2004 10:41 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Cc: info (at) mailenable (dot) com [email concealed]
Subject: Remote Buffer Overflow in MailEnable HTTPMail
Regarding to the heap overflow vulnerability of MailEnable HTTPMail
(http://www.securityfocus.com/bid/10312), i installed the latest hotfix
(http://mailenable.com/hotfix/MEHTTPS.zip), and found an additional
overflow.
Sending a request like:
c:\telnet localhost 8080
GET / HTTP/1.0
Authorization: A
Crashes the services. The overflow seems to occur in the Authorization
header variable. A single character will lead to the crash.
I did no further research in order to fully exploit this vuln. A more
detailed readme can be found on my website:
www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
Thanks for the email. This error was not an overflow issue but a bug in the
service (i.e. the error would cause the service to stop, but could the
exploiter could not exploit this further or run code on the server).
A fix for the bug can be found at:
http://www.mailenable.com/hotfix
Thanks
Peter Fregon
MailEnable Pty. Ltd.
-----Original Message-----
From: Oliver (at) greyhat (dot) de [email concealed] [mailto:Oliver (at) greyhat (dot) de [email concealed]]
Sent: Saturday, 15 May 2004 10:41 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Cc: info (at) mailenable (dot) com [email concealed]
Subject: Remote Buffer Overflow in MailEnable HTTPMail
Regarding to the heap overflow vulnerability of MailEnable HTTPMail
(http://www.securityfocus.com/bid/10312), i installed the latest hotfix
(http://mailenable.com/hotfix/MEHTTPS.zip), and found an additional
overflow.
Sending a request like:
c:\telnet localhost 8080
GET / HTTP/1.0
Authorization: A
Crashes the services. The overflow seems to occur in the Authorization
header variable. A single character will lead to the crash.
I did no further research in order to fully exploit this vuln. A more
detailed readme can be found on my website:
www.oliverkarow.de/research/MailWebHTTPAuthCrash.txt
[ reply ]