MailEnable Smtpd remote Dos [x0n3-h4ck]

From: CorryL (corryl_at_sitoverde.com)
Date: 04/05/05

    To: "bugtraq" <bugtraq@securityfocus.com>
    Date: Tue, 5 Apr 2005 22:29:26 +0200
    
    

    -=[---------------------ADVISORY---------------------------]=-
    -=[ MailEnable Enterprise & Pro remote DOS ]=-
    -=[ Author: CorryL [corryl80@gmail.com] ]=-
    -=[ w.x0n3-h3ck.org ]=-
    -=[-------------------------------------------------------------]=-

    -=[+] Application: Mail Enable Smtpd ( MESMTPC.exe )
    -=[+] Version: (Enterprise <= 1.04)-(Professional <= 1.54)
    -=[+] Vendor's URL: www.mailenable.com
    -=[+] Platform: Windows
    -=[+] Bug type: DOS
    -=[+] Exploitation: Remote/Local
    -=[-]
    -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
    -=[+] Reference: www.x0n3-h4ck.org

    ..::[ Description ]::..

    MailEnable's mail server software provides a powerful,
    scalable hosted messaging platform for Microsoft Windows.
    MailEnable offers stability, unsurpassed flexibility and
    an extensive feature set which allows you to provide
    cost-effective mail services.

    ..::[ Bug ]::..

    The smtpd of MailEnable has a bug in handling a particular EHLO request:
    the bug is caused by sending a Unicode string,
    which the daemon reads as a memory address, causing the service
    to crash.

    ..::[ Proof Of Concept ]::..

    EHLO x99

    ..::[ Exploit ]::..

    http://www.x0n3-h4ck.org/upload/x0n3-h4ck_mailenable_smtpd.pl

    ..::[ Workaround ]::..

    There is no workaround

    ..::[ Patch or Fix ]::..

    http://www.mailenable.com/hotfix

    ..::[ Disclosure Timeline ]::..

    [02/04/2005] - Vendor notification
    [03/04/2005] - Vendor Response
    [03/04/2005] - Hotfix released by vendor
    [05/04/2005] - Public disclosure

    CorryL
    corryl80@gmail.com
    www.x0n3-h4ck.org
    Italian Security Team
    Fax (+39) 02700520894
    Tel (+39) 06452215277
    irc.xoned.net #x0n3-h4ck
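
For operators who cannot apply the hotfix immediately, the following is an added example (not part of the advisory and not MailEnable code) of a greeting validator that flags EHLO/HELO arguments that are not a valid RFC 5321 domain or address literal, including any non-ASCII bytes. The names `check_greeting` and `scan` are hypothetical, and it assumes client commands are available as raw bytes, for instance from a filtering SMTP proxy or a session log.

```python
import re

# RFC 5321 4.1.1.1: the EHLO/HELO argument is a Domain or an address-literal.
_LABEL = rb"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rb"^" + _LABEL + rb"(?:\." + _LABEL + rb")*$")
_ADDR_LITERAL = re.compile(rb"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")
_GREETING = re.compile(rb"^(?:EHLO|HELO)(?:[ \t]+(.*))?$", re.IGNORECASE)
MAX_DOMAIN_LEN = 255  # RFC 5321 4.5.3.1.2


def check_greeting(line: bytes):
    """Return None for a non-greeting or well-formed greeting, else a reason."""
    m = _GREETING.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    arg = m.group(1) or b""
    if not arg:
        return "missing argument"
    if any(b < 0x21 or b > 0x7E for b in arg):
        return "byte outside 0x21-0x7E in argument"
    if len(arg) > MAX_DOMAIN_LEN:
        return "argument longer than 255 octets"
    if not (_DOMAIN.match(arg) or _ADDR_LITERAL.match(arg)):
        return "not a valid domain or address literal"
    return None


def scan(lines):
    """Return [(line_number, reason)] for every malformed greeting."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = check_greeting(line)
        if reason:
            hits.append((n, reason))
    return hits


# Constructed client commands as raw bytes (not from a real capture).
SAMPLE = [
    b"EHLO mail.example.org\r\n",
    b"MAIL FROM:<a@example.org>\r\n",
    b"EHLO [192.0.2.10]\r\n",
    b"EHLO \xc3\xa9\xc3\xa8\r\n",
    b"HELO\r\n",
    b"ehlo bad_host!\r\n",
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE):
        print(f"line {n}: {reason}")
```

A proxy in front of the mail server can reject any greeting for which `check_greeting` returns a reason; the same function run over stored session logs shows whether such greetings were already received.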
