Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gain root remotely >> Mercur Mailserver/Messaging version <= 5.0 IMAP Overflow Vulnerability


Vulnerability Assessment Details

Mercur Mailserver/Messaging version <= 5.0 IMAP Overflow Vulnerability

Vulnerability Assessment Summary
Checks for buffer overflows in Mercur Mailserver/Messaging IMAP Services

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote IMAP server is affected by a remote buffer overflow
vulnerability.

Description :

The remote host is running MERCUR Messaging Server / Mailserver, a
commercial messaging application for Windows.

The IMAP server component of this software fails to properly copy
overly-long arguments to LOGIN and SELECT commands, which can be
exploited to crash the server and possibly to execute arbitrary code
remotely.

Note that the services run by default with LOCAL SYSTEM rights,
which means that an unauthenticated attacker can potentially gain
complete control of the affected host.

See also :

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043972.html

Solution :

No patch information at this time.

Filter access to the IMAP4 Service, so that it can be used by trusted
sources only.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 17138

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Ferdy Riphagen

Cables, Connectors


LOT OF 10 HPE JD092B X130 10G SFP+ LC SR Transceiver picture

LOT OF 10 HPE JD092B X130 10G SFP+ LC SR Transceiver

$40.00



NEW Genuine ARISTA SFP-10G-LR - 10GBASE-LR  XVR-10003-20 Transciever picture

NEW Genuine ARISTA SFP-10G-LR - 10GBASE-LR XVR-10003-20 Transciever

$49.99



New Precision DWDM SFP+ 10G 80km Tunable Transceiver 50GHz C-Temp DWDM-SFP10G-C picture

New Precision DWDM SFP+ 10G 80km Tunable Transceiver 50GHz C-Temp DWDM-SFP10G-C

$90.00



ARISTA SFP-10G-SR 10GBASE-SR SFP+ Optical Transceiver ModuXVR-00001-02 Lot of 10 picture

ARISTA SFP-10G-SR 10GBASE-SR SFP+ Optical Transceiver ModuXVR-00001-02 Lot of 10

$65.35



🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥 picture

🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥

$8.00



HP 560SFP+ Dual Port 10GB SFP+ Ethernet Adapter Intel X520-DA2 Card w/2 SFP picture

HP 560SFP+ Dual Port 10GB SFP+ Ethernet Adapter Intel X520-DA2 Card w/2 SFP

$14.99



HP 10Gb SR SFP+ 10GBASE-SR 455885-001 10Gigabit Ethernet Transceiver 456096-001 picture

HP 10Gb SR SFP+ 10GBASE-SR 455885-001 10Gigabit Ethernet Transceiver 456096-001

$6.99



Cisco SFP-10G-SR 10-2415-03  10 Gigabit Transceiver  WARRANTY  LOT OF 10   @ F picture

Cisco SFP-10G-SR 10-2415-03 10 Gigabit Transceiver WARRANTY LOT OF 10 @ F

$38.79



LOT OF 10 455883-B21 HP 10Gb SR SFP Transceiver 455885-001 456096-001 picture

LOT OF 10 455883-B21 HP 10Gb SR SFP Transceiver 455885-001 456096-001

$59.99



10-Pack NEW GENUINE Dell 10GB SFP-10G-SR SFP+ Transceiver AFBR-709SMZ-FT1 WTRD1 picture

10-Pack NEW GENUINE Dell 10GB SFP-10G-SR SFP+ Transceiver AFBR-709SMZ-FT1 WTRD1

$97.99



Discussions

No Discussions have been posted on this vulnerability.