MailEnable HTTPMail Service Content-Length Header Overflow

critical Nessus Plugin ID 14655

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The target is running at least one instance of MailEnable that has a flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and Enterprise Editions. The flaw can be exploited by issuing an HTTP GET with a Content-Length header exceeding 100 bytes, which causes a fixed-length buffer to overflow, crashing the HTTPMail service and possibly allowing for arbitrary code execution.
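
The length check whose absence is described above, written out as an added example. This is not MailEnable's code and not part of the Nessus plugin. The function name, the status codes and the 100-byte buffer size are assumptions made for illustration, and the code uses POSIX strncasecmp.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define CL_BUF_SIZE 100  /* assumed fixed buffer size, after the 100-byte figure above */

enum cl_status { CL_OK = 0, CL_MISSING = -1, CL_TOO_LONG = -2, CL_MALFORMED = -3 };

/* Locate Content-Length in a raw request head, copy its value into a
 * fixed buffer only after checking that it fits, then parse it. */
enum cl_status get_content_length(const char *req, unsigned long *len)
{
    static const char name[] = "Content-Length:";
    const size_t name_len = sizeof name - 1;
    char value[CL_BUF_SIZE];
    const char *line = req;

    while (*line) {
        const char *eol = line + strcspn(line, "\r\n");
        if (eol == line)
            break;                            /* blank line: end of headers */
        if ((size_t)(eol - line) >= name_len &&
            strncasecmp(line, name, name_len) == 0) {
            const char *v = line + name_len;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;
            while (eol > v && (eol[-1] == ' ' || eol[-1] == '\t')) eol--;
            size_t n = (size_t)(eol - v);
            if (n == 0)
                return CL_MALFORMED;
            if (n >= CL_BUF_SIZE)             /* would not fit with the NUL */
                return CL_TOO_LONG;
            memcpy(value, v, n);
            value[n] = '\0';
            if (strspn(value, "0123456789") != n)
                return CL_MALFORMED;          /* digits only */
            errno = 0;
            *len = strtoul(value, NULL, 10);
            return errno == ERANGE ? CL_TOO_LONG : CL_OK;
        }
        line = eol;
        if (*line == '\r') line++;
        if (*line == '\n') line++;
    }
    return CL_MISSING;
}
```

A server using a check like this would answer CL_TOO_LONG or CL_MALFORMED with a 400 response and close the connection rather than continue parsing.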

Solution

Upgrade to MailEnable Professional / Enterprise 1.2 or later.
Alternatively, apply the HTTPMail hotfix from 9th August 2004.

See Also

http://www.mailenable.com/hotfix/

https://seclists.org/fulldisclosure/2004/Aug/30

Plugin Details

Severity: Critical

ID: 14655

File Name: mailenable_httpmail_content_length_overflow.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 9/3/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/30/2004

Reference Information

BID: 10838