CVE-2004-2727
CVSS 4.3
Published: 2004-12-31 00:00:00
Last revised: 2011-03-07 21:19:21

[Original] Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.


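[CNNVD] MailEnable Mail Server HTTPMail Remote Heap Overflow Vulnerability (CNNVD-200412-881)

MailEnable is a commercial POP3 and SMTP server.
The 'Professional' and 'Enterprise' editions of MailEnable contain a remote heap overflow; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with SYSTEM privileges.
The cause is that the system lacks sufficient buffer bounds checking for GET requests containing large amounts of data; carefully crafted submitted data may execute arbitrary commands on the system with SYSTEM privileges.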
        

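- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]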

- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

cpe:/a:mailenable:mailenable:1.7
cpe:/a:mailenable:mailenable:1.6
cpe:/a:mailenable:mailenable:1.5

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2727
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2727
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-881
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/10312
(PATCH)  BID  10312
http://secunia.com/advisories/11588
(VENDOR_ADVISORY)  SECUNIA  11588
http://xforce.iss.net/xforce/xfdb/16115
(UNKNOWN)  XF  mailenable-disabled-mehttps-bo(16115)
http://xforce.iss.net/xforce/xfdb/16114
(UNKNOWN)  XF  mailenable-enabled-mehttps-dos(16114)
http://www.vupen.com/english/advisories/2005/0383
(UNKNOWN)  VUPEN  ADV-2005-0383
http://www.osvdb.org/6038
(UNKNOWN)  OSVDB  6038
http://www.osvdb.org/6037
(UNKNOWN)  OSVDB  6037
http://securitytracker.com/id?1010107
(UNKNOWN)  SECTRACK  1010107

- Vulnerability Information

MailEnable Mail Server HTTPMail Remote Heap Overflow Vulnerability
Medium risk  Buffer overflow
2004-12-31 00:00:00 2007-10-10 00:00:00
Remote
        
        

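- Advisories and Patches

        Vendor patch:
        MailEnable
        ----------
        The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:
        MailEnable Hotfix MEHTTPS.zip
        
        http://mailenable.com/hotfix/MEHTTPS.zip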

- Vulnerability Information (24103)

MailEnable Mail Server HTTPMail 1.x Remote Heap Overflow Vulnerability (EDBID:24103)
windows dos
2004-05-09 Verified
0 Behrang Fouladi
source: http://www.securityfocus.com/bid/10312/info

MailEnable is a commercially available POP3 and SMTP server for the Windows platform.

The 'Professional' and 'Enterprise' editions of MailEnable are reported to be prone to a remote heap buffer overflow. The overflow allows the attacker to control the EAX and ECX registers, allowing arbitrary code execution as SYSTEM.

All versions up to and including 1.18 are reported to be affected.

If logging is enabled, the request could contain:

GET /{4032 x A} HTTP/1.1

or, without logging:

GET /{8501 x A} HTTP/1.1		

- Vulnerability Information

6037
MailEnable Professional HTTPMail GET Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability Description

A buffer overflow exists in MailEnable's Messaging Services Professional Editions. Messaging Services fails to properly check the HTTP GET request's length, resulting in a heap-based overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity.

- Timeline

2004-05-11 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a patch to address this vulnerability.
