Signature Detail

HTTP: MailEnable HTTP Authorization Overflow

This signature detects attempts to exploit a known vulnerability in the MailEnable mail server Web interface. An attacker can send an overly long authorization request to create a denial of service (DoS) or execute arbitrary code. Note: Vulnerability information and exploits are publically available.

Extended Description

MailEnable is prone to a remotely exploitable buffer overflow vulnerability. This issue occurs in the server's HTTP Header Field Definitions. This condition may be leveraged to overwrite sensitive program control variables, allowing a remote attacker to control execution flow of the server process.

Affected Products

• MailEnable MailEnable Enterprise Edition 1.0.0
• MailEnable MailEnable Enterprise Edition 1.0.0 1
• MailEnable MailEnable Enterprise Edition 1.0.0 2
• MailEnable MailEnable Enterprise Edition 1.0.0 3
• MailEnable MailEnable Enterprise Edition 1.0.0 4
• MailEnable MailEnable Professional 1.0.0 004
• MailEnable MailEnable Professional 1.0.0 005
• MailEnable MailEnable Professional 1.0.0 006
• MailEnable MailEnable Professional 1.0.0 007
• MailEnable MailEnable Professional 1.0.0 008
• MailEnable MailEnable Professional 1.0.0 009
• MailEnable MailEnable Professional 1.0.0 010
• MailEnable MailEnable Professional 1.0.0 011
• MailEnable MailEnable Professional 1.0.0 012
• MailEnable MailEnable Professional 1.0.0 013
• MailEnable MailEnable Professional 1.0.0 014
• MailEnable MailEnable Professional 1.0.0 015
• MailEnable MailEnable Professional 1.0.0 016
• MailEnable MailEnable Professional 1.0.0 017
• MailEnable MailEnable Professional 1.1.0
• MailEnable MailEnable Professional 1.101.0
• MailEnable MailEnable Professional 1.102.0
• MailEnable MailEnable Professional 1.103.0
• MailEnable MailEnable Professional 1.104.0
• MailEnable MailEnable Professional 1.105.0
• MailEnable MailEnable Professional 1.106.0
• MailEnable MailEnable Professional 1.107.0
• MailEnable MailEnable Professional 1.108.0
• MailEnable MailEnable Professional 1.109.0
• MailEnable MailEnable Professional 1.110.0
• MailEnable MailEnable Professional 1.111.0
• MailEnable MailEnable Professional 1.112.0
• MailEnable MailEnable Professional 1.113.0
• MailEnable MailEnable Professional 1.114.0
• MailEnable MailEnable Professional 1.115.0
• MailEnable MailEnable Professional 1.116.0
• MailEnable MailEnable Professional 1.12.0
• MailEnable MailEnable Professional 1.13.0
• MailEnable MailEnable Professional 1.14.0
• MailEnable MailEnable Professional 1.15.0
• MailEnable MailEnable Professional 1.16.0
• MailEnable MailEnable Professional 1.17.0
• MailEnable MailEnable Professional 1.18.0
• MailEnable MailEnable Professional 1.19.0
• MailEnable MailEnable Professional 1.2.0
• MailEnable MailEnable Professional 1.2.0 A
• MailEnable MailEnable Professional 1.5.0
• MailEnable MailEnable Professional 1.51.0
• MailEnable MailEnable Professional 1.52.0
• MailEnable MailEnable Professional 1.53.0
• MailEnable MailEnable Professional 1.54.0

References

• BugTraq: 13350
• CVE: CVE-2005-1348