MailEnable HTTPMail Authorization header buffer overflow

Added: 06/26/2006
CVE: CVE-2005-1348
BID: 13350
OSVDB: 15737

Background

MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.

Problem

MailEnable's HTTPMail service is affected by a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary commands by sending an HTTP request with a long, specially crafted Authorization header.

Resolution

Upgrade to a version of MailEnable Enterprise higher than 1.04 or MailEnable Professional higher than 1.54, or install the HTTPMail fix.

References

http://www.securityfocus.com/archive/1/396826

Limitations

Exploit works on MailEnable Enterprise 1.04.

Platforms

Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 SP1
