安全研究

安全漏洞
MailEnable Mail Server HTTPMail远程堆溢出漏洞

发布日期:2004-05-09
更新日期:2004-05-14

受影响系统:
MailEnable MailEnable Professional 1.18
MailEnable MailEnable Professional 1.17
MailEnable MailEnable Professional 1.16
MailEnable MailEnable Professional 1.15
MailEnable MailEnable Professional 1.14
MailEnable MailEnable Professional 1.13
MailEnable MailEnable Professional 1.12
MailEnable MailEnable Professional 1.114
MailEnable MailEnable Professional 1.113
MailEnable MailEnable Professional 1.112
MailEnable MailEnable Professional 1.111
MailEnable MailEnable Professional 1.110
MailEnable MailEnable Professional 1.109
MailEnable MailEnable Professional 1.108
MailEnable MailEnable Professional 1.107
MailEnable MailEnable Professional 1.106
MailEnable MailEnable Professional 1.105
MailEnable MailEnable Professional 1.104
MailEnable MailEnable Professional 1.103
MailEnable MailEnable Professional 1.102
MailEnable MailEnable Professional 1.101
MailEnable MailEnable Professional 1.1
MailEnable MailEnable Professional 1.0017
MailEnable MailEnable Professional 1.0016
MailEnable MailEnable Professional 1.0015
MailEnable MailEnable Professional 1.0014
MailEnable MailEnable Professional 1.0013
MailEnable MailEnable Professional 1.0012
MailEnable MailEnable Professional 1.0011
MailEnable MailEnable Professional 1.0010
MailEnable MailEnable Professional 1.0009
MailEnable MailEnable Professional 1.0008
MailEnable MailEnable Professional 1.0007
MailEnable MailEnable Professional 1.0006
MailEnable MailEnable Professional 1.0005
MailEnable MailEnable Professional 1.0004
描述:
BUGTRAQ  ID: 10312

MailEnable是一款商业性质的POP3和SMTP服务器。

MailEnable的'Professional'和'Enterprise'版本存在远程堆溢出问题,远程攻击者可以利用这个漏洞以SYSTEM权限在系统上执行任意指令。

主要是系统对包含大量数据的GET请求缺少充分边界缓冲区检查,精心构建提交数据可能以SYSTEM权限在系统上执行任意指令。

<*来源:Behrang Fouladi (behrang@hat-squad.com
  *>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

Behrang Fouladi (behrang@hat-squad.com)提供了如下测试方法:

如果打开记录功能,提交如下请求:

GET /{4032 x A} HTTP/1.1

关闭记录功能的情况下,提交如下请求:

GET /{8501 x A} HTTP/1.1

建议:
厂商补丁:

MailEnable
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

MailEnable Hotfix MEHTTPS.zip
http://mailenable.com/hotfix/MEHTTPS.zip

浏览次数:3182
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障