SMTP: MailEnable SMTP Authentication Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the SMTP authentication mechanism of MailEnable. The flaw is caused by insufficient boundary checking when handling the username argument in an AUTH command. A successful attack can terminate the vulnerable service or execute arbitrary code with System privileges.

Note: While the vendor claims that this vulnerability can only be exploited for denial-of-service attacks, testing has shown that it can be exploited for remote code execution attacks as well.

In a simple attack case aimed at creating a denial-of-service condition, the affected service will terminate. If the service is not configured to restart automatically, the MailEnable SMTP functionality will be unavailable until the server is restarted manually. In a more sophisticated attack scenario, where the malicious user succeeds in injecting and executing supplied code, the behaviour of the system depends on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, normally System.

Extended Description

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

Affected Products

University_of_cambridge exim

References

BugTraq: 13772

CVE: CVE-2005-0022

Short Name
SMTP:OVERFLOW:MAILENABLE-BO
Severity
Major
Recommended
True
Recommended Action
None
Category
SMTP
Keywords
Authentication Buffer CVE-2005-0022 CVE-2005-1781 MailEnable Overflow SMTP bid:13772
Release Date
07/08/2011
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3671
False Positive
Unknown
Vendors

University_of_cambridge

CVSS Score

4.6

5.0
