Signature Detail

SMTP: MailEnable SMTP Authentication Buffer Overflow

This signature detects attempts to exploit a known vulnerability against SMTP authentication mechanism of MailEnable. The flaw is caused by insufficient boundary checking when handling the username argument in an AUTH command. A successful attacker can exploit this vulnerability to terminate the vulnerable service or execute arbitrary code with System privileges. Note: While the vendor claims that this vulnerability can only be exploited for denial-of-service attacks, testing has shown that it can be exploited for remote code execution attacks as well. In a simple attack case aimed at creating a denial of service condition, the affected service will terminate. If the service is not configured to restart automatically, then the MailEnable SMTP functionality will be unavailable until the server is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, normally System.

References

• CVE: CVE-2005-0022
• CVE: CVE-2005-1781