Full Version: MailEnable POP3 buffer overflow
The Planet Forums > Security > General Security > Windows Security
Matt2k
http://archives.neohapsis.com/archives/ful...06-03/1359.html

Vulnerability Details:

A remote buffer overflow condition in MailEnable's POP3 service could
allow for arbitrary code execution. The vulnerable code can be
exercised remotely without authentication.

A second less critical bug was also reported and remedied. The bug
involved a cryptographic implementation mistake that weakened
authentication security.

[trim]

Hotfix solution to this advisory:
http://www.mailenable.com/hotfix/ME-10011.EXE

All hotfixes are available from:
http://www.mailenable.com/hotfix

All versions have been updated to include the hotfix:
http://www.mailenable.com/mailenablestandard.exe
http://www.mailenable.com/mailenableprof.exe
http://www.mailenable.com/mailenableent.exe
Kyle
Another day, another ME vulnerability.
rabbit994
I hear many of you asking, "I run MailEnable and I'm sick of all the updating, what should I do?" Well, that is a very good question.

If you are running a small operation, I would recommend a switch to hmailserver. HMailServer is an open source mail server with support for IMAPv4, POP3 and SMTP. It also comes with a pretty GUI and uses either MySQL or MSSQL for database support.

If you're running a business, I recommend Merak. It's pricey and worth every penny. It's robust, fast and has more options than 99% of the world needs. It works, unlike Mail Enable, and hasn't had a security hole in forever. It too has a very pretty GUI. It also comes with a Linux version if you're into such things.
Matt2k
There's another unpatched buffer overflow in POP3. I got bit by it early this morning, although I can't see that it did anything. They are supposed to be posting an update later today.
Matt2k
Thanks for the recommendations on HMailServer. For some reason I didn't know about that one.
cprompt
Another recommendation for hMailServer here - we run that on a backup MX and it works really well.
klaude
It works well in Cortex as well. We use it as Cortex's Windows MTA, and it does great.
rabbit994
QUOTE (Matt2k)
Thanks for the recommendations on HMailServer. For some reason I didn't know about that one.

My only concern is its ability to scale. I'm not sure, with all the database accessing it does, if it would scale really well. I use Merak myself. However, for small operations, like one domain or someone's basement, it's great for that.
cprompt
The latest version caches a lot of its information now and doesn't need to hit the database as much.
claudioszykman
Unfortunately, I didn't realize this information before last week, when two Windows machines of mine had MEpop3 crashes and after this a NEW ADMINISTRATOR named phpnet appeared.

I found on Google this MailEnable hack written in Perl and I tried to simulate it myself, but I didn't have time to overflow the buffer, and I applied the HOTFIX to stop any future attempts.

These attacks tried to create RADMIN r_server.exe (running a .bat file to create a registry entry and this tool) and tried to create a virtual directory to access TSWEB.

After applying this hotfix and changing every password, etc., I am using UnHackMe, Rootkit Revealer and FileMonitor.

Also, some programs were disguised inside services (such as Task Scheduler, which was not running tasks, and I needed to recreate the original svchost.exe entry).

This is really lame from the ME team; they had many problems, including with IMAP, webmail and other exploits (although I used the free version, there were people paying for their other suites).

I also found many ways to create an admin without any IIS problem,

for instance: NetBIOS, NetCat, TFTP, FTP -s, site exec FTP, etc.

Using IPsec together with the Windows SP2 firewall could be another layer of protection...

By the way, I will also see about scripting a little VBS in order to watch every 1 minute for new administrator accounts and email or SMS.

Kind regards
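The "watch every minute for new administrator accounts and send mail" check that the poster above says he intends to script is a reasonable post-incident detection, and it is shown here as an added example in PowerShell rather than VBScript. This is not code from the thread, from MailEnable or from the poster; it assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember), and the SMTP relay, sender and recipient addresses are placeholders to be replaced.

```powershell
# Added example, not from the thread: watch the local Administrators group and
# alert when a member appears or disappears (the "new administrator account"
# check the poster describes, in PowerShell instead of VBScript).
# Assumptions: PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module
# (Get-LocalGroupMember); the SMTP host and mail addresses below are placeholders.

param(
    [string]$BaselinePath    = "$env:ProgramData\admin-watch\baseline.txt",
    [int]   $IntervalSeconds = 60,
    [string]$SmtpServer      = 'smtp.example.invalid',        # placeholder relay
    [string]$AlertTo         = 'soc@example.invalid',         # placeholder recipient
    [string]$AlertFrom       = 'admin-watch@example.invalid'  # placeholder sender
)

function Get-AdminMembers {
    # Current members of the local Administrators group, as MACHINE\name or
    # DOMAIN\name, sorted so the list compares cleanly against the baseline.
    @(Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { $_.Name } |
        Sort-Object -Unique)
}

function Compare-AdminMembers {
    param([string[]]$Baseline, [string[]]$Current)
    # Names present now but not in the baseline (Added) and vice versa (Removed).
    [pscustomobject]@{
        Added   = @($Current  | Where-Object { $Baseline -notcontains $_ })
        Removed = @($Baseline | Where-Object { $Current  -notcontains $_ })
    }
}

function Send-AdminAlert {
    param([string[]]$Added, [string[]]$Removed)
    $body = @(
        "Host: $env:COMPUTERNAME"
        "Time: $(Get-Date -Format o)"
        "Added to Administrators:     $($Added   -join ', ')"
        "Removed from Administrators: $($Removed -join ', ')"
    ) -join "`n"

    # Record locally first so the event survives even if mail delivery fails;
    # a log-collection agent reading the Application log sees it as Event ID 1001.
    if (-not [System.Diagnostics.EventLog]::SourceExists('AdminWatch')) {
        New-EventLog -LogName Application -Source 'AdminWatch'
    }
    Write-EventLog -LogName Application -Source 'AdminWatch' -EventId 1001 `
        -EntryType Warning -Message $body

    try {
        Send-MailMessage -SmtpServer $SmtpServer -From $AlertFrom -To $AlertTo `
            -Subject "Administrators group changed on $env:COMPUTERNAME" -Body $body
    } catch {
        Write-Warning "Alert mail failed: $($_.Exception.Message)"
    }
}

# First run: record the approved membership. Review this file by hand; a baseline
# taken on an already-compromised host would silently approve the intruder's account.
New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
if (-not (Test-Path $BaselinePath)) {
    Get-AdminMembers | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath; review it before trusting alerts."
}

while ($true) {
    $baseline = @(Get-Content -Path $BaselinePath)
    $diff     = Compare-AdminMembers -Baseline $baseline -Current (Get-AdminMembers)
    if ($diff.Added.Count -gt 0 -or $diff.Removed.Count -gt 0) {
        Send-AdminAlert -Added $diff.Added -Removed $diff.Removed
        # Refresh the baseline so each change alerts once; the mail and the
        # event log entry remain as the record of what changed and when.
        Get-AdminMembers | Set-Content -Path $BaselinePath
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it as a scheduled task that starts at boot under an account allowed to register an event source (creating the 'AdminWatch' source needs local administrator rights the first time). The baseline file lives under ProgramData rather than next to the script so an ordinary user cannot edit it, and the script writes the event log entry before attempting mail, since the thread's own incident shows that an attacker who can add an administrator can also break services the alert depends on.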