| MailEnable Stack Overflow and Pointer Overwrite in IMAP Service Lets Remote Users Execute Arbitrary Code |
|---|
Category: Vulnerability | Posted: 2004-12-01 by ReCall
| Details |
|---|
Description: Hat-Squad Security Team reported two vulnerabilities in the MailEnable IMAP service: a stack-based buffer overflow and an object pointer overwrite. A remote user can trigger either one to execute arbitrary code on the target system.
A remote user can send a specially crafted command in the following format to trigger the buffer overflow:
<identifier tag 3bytes> <Ax8198> <ret_addr>
The original advisory and some demonstration exploit code are available at:
http://www.hat-squad.com/en/000102.html
Nima Majidi is credited with discovering this flaw.
The vendor was notified on November 24, 2004.
Impact: A remote user can execute arbitrary code on the target system with the privileges of the IMAP service.
Solution: The vendor has issued a fix, available at:
http://mailenable.com/hotfix.asp
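
A defender-side check for the oversized-command pattern described above, as an added example that is not part of the original advisory or of MailEnable's code: it flags client-to-server IMAP lines whose length, token size or byte content is anomalous. The limits `MAX_LINE` and `MAX_TAG`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed limits for this sketch. The advisory gives no safe length, only
# that an 8198-byte argument following a 3-byte tag triggers the overflow.
MAX_LINE = 1024   # assumed ceiling for an IMAP command line sent inline
MAX_TAG = 32      # assumed ceiling for the client-chosen tag
# A line that ends by announcing an IMAP literal, e.g. "{4096}" or "{4096+}".
LITERAL = re.compile(rb"\{\d+\+?\}$")

def inspect_line(raw: bytes) -> list:
    """Return the reasons a client-to-server IMAP line looks anomalous."""
    line = raw.rstrip(b"\r\n")
    reasons = []
    tag, _, rest = line.partition(b" ")
    if len(tag) > MAX_TAG:
        reasons.append("oversized tag")
    # Large data is expected to travel as a literal, not inline on the line.
    if len(line) > MAX_LINE and not LITERAL.search(line):
        reasons.append(f"line of {len(line)} bytes without a literal")
    longest = max((len(tok) for tok in rest.split(b" ")), default=0)
    if longest > MAX_LINE:
        reasons.append(f"single token of {longest} bytes")
    # Assumption: command lines are printable ASCII; anything else is reviewed.
    if any(b < 0x20 or b > 0x7E for b in line):
        reasons.append("non-printable bytes in command line")
    return reasons

def scan(lines):
    """Map the index of each anomalous line to its list of reasons."""
    hits = {}
    for i, raw in enumerate(lines):
        reasons = inspect_line(raw)
        if reasons:
            hits[i] = reasons
    return hits

# Constructed sample traffic. Index 2 follows the advisory's format; the last
# four bytes are a zero placeholder, not a real address.
SAMPLE = [
    b"a01 LOGIN alice secret\r\n",
    b"a02 SELECT INBOX\r\n",
    b"a03 " + b"A" * 8198 + b" " + b"\x00" * 4 + b"\r\n",
    b"a04 APPEND Drafts {4096}\r\n",
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE).items():
        print(idx, why)
```

A check like this belongs in an IMAP-aware proxy or IDS rule in front of unpatched servers; it does not replace the vendor hotfix.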