CVE-2005-1014
CVSS 7.5
Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:47:57

[Original] Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.


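[CNNVD] MailEnable IMAP Authentication Request Buffer Overflow Vulnerability (CNNVD-200505-444)

        A buffer overflow vulnerability in the IMAP service of MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.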

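- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions apply to exploitation]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]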

- CPE (Affected Platforms and Products)

cpe:/a:mailenable:mailenable_enterprise:1.04
cpe:/a:mailenable:mailenable_professional:1.5
cpe:/a:mailenable:mailenable_professional:1.51
cpe:/a:mailenable:mailenable_enterprise:1.03
cpe:/a:mailenable:mailenable_professional:1.54
cpe:/a:mailenable:mailenable_enterprise:1.01
cpe:/a:mailenable:mailenable_enterprise:1.0
cpe:/a:mailenable:mailenable_enterprise:1.02
cpe:/a:mailenable:mailenable_professional:1.52
cpe:/a:mailenable:mailenable_professional:1.53

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1014
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1014
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-444
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/19947
(PATCH)  XF  mailenable-imap-dos(19947)
http://www.securityfocus.com/bid/12995
(PATCH)  BID  12995
http://www.mailenable.com/hotfix/
(PATCH)  CONFIRM  http://www.mailenable.com/hotfix/
http://securitytracker.com/id?1013637
(PATCH)  SECTRACK  1013637
http://secunia.com/advisories/14812
(VENDOR_ADVISORY)  SECUNIA  14812
http://lists.grok.org.uk/pipermail/full-disclosure/2005-April/033123.html
(VENDOR_ADVISORY)  FULLDISC  20050405 MailEnable Imapd remote BoF + Exploit [x0n3-h4ck]

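- Vulnerability Information

MailEnable IMAP Authentication Request Buffer Overflow Vulnerability
High risk  Buffer overflow
2005-05-02 00:00:00 2007-07-24 00:00:00
Remote
        A buffer overflow vulnerability in the IMAP service of MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links: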
        MailEnable MailEnable Enterprise Edition 1.0 2
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Enterprise Edition 1.0
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Enterprise Edition 1.0 1
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Enterprise Edition 1.0 3
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Enterprise Edition 1.0 4
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Professional 1.5
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Professional 1.51
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Professional 1.52
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Professional 1.53
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
        MailEnable MailEnable Professional 1.54
        MailEnable MEIMSM-HF050404.zip
        http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip

- Vulnerability Information

15231
MailEnable IMAP A001 AUTHENTICATE Command Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

A remote overflow exists in MailEnable. MailEnable fails to check bounds for input passed to "A001 AUTHENTICATE <buffer>" resulting in a buffer overflow. With a specially crafted request greater than 1016 bytes, an attacker can overwrite the ECX and EAX registers causing arbitrary code execution, resulting in a loss of integrity.

- Timeline

2005-04-04 Unknown
2005-04-05 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MailEnable has released a hotfix to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

MailEnable IMAP Authenticate Request Buffer Overflow Vulnerability
Boundary Condition Error 12995
Yes No
2005-04-04 12:00:00 2009-07-12 11:56:00
This issue was announced by the vendor.

- Affected Program Versions

MailEnable MailEnable Professional 1.54
MailEnable MailEnable Professional 1.53
MailEnable MailEnable Professional 1.52
MailEnable MailEnable Professional 1.51
MailEnable MailEnable Professional 1.5
MailEnable MailEnable Enterprise Edition 1.0 4
MailEnable MailEnable Enterprise Edition 1.0 3
MailEnable MailEnable Enterprise Edition 1.0 2
MailEnable MailEnable Enterprise Edition 1.0 1
MailEnable MailEnable Enterprise Edition 1.0

- Vulnerability Discussion

MailEnable is prone to a remotely exploitable stack-based buffer overflow vulnerability. This vulnerability is exposed in the server's IMAP implementation. The issue may be triggered with a malicious 'A001 AUTHENTICATE' request to the IMAP service.

This vulnerability is reported to affect all unpatched versions of MailEnable Enterprise Edition and MailEnable Professional 1.5 and later.

- Exploit

The following exploit was provided:

- Solution

A hot fix has been released to address this issue.


MailEnable MailEnable Enterprise Edition 1.0 2

MailEnable MailEnable Enterprise Edition 1.0

MailEnable MailEnable Enterprise Edition 1.0 1

MailEnable MailEnable Enterprise Edition 1.0 3

MailEnable MailEnable Enterprise Edition 1.0 4

MailEnable MailEnable Professional 1.5

MailEnable MailEnable Professional 1.51

MailEnable MailEnable Professional 1.52

MailEnable MailEnable Professional 1.53

MailEnable MailEnable Professional 1.54

- Related References

 

 
