| VID | 12055 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
MERCUR Mailserver is vulnerable to a buffer overflow via a long AUTH command. The 4.2 versions without SP3a and earlier versions of MERCUR Mailserver are affected by a buffer overflow caused by improper boundary checking in the Base64 decoding of data supplied with the "AUTH" command. By supplying overly long, specially crafted login data, a remote attacker can cause a buffer overflow and crash the Mailserver or execute arbitrary code on the target system.
* References: http://www.secunia.com/advisories/10038/
* Platforms Affected: Atrium Software MERCUR Mailserver 3.3, SP1 ~ SP2; Atrium Software MERCUR Mailserver 4.0 1, SP1; Atrium Software MERCUR Mailserver 4.2, SP1 ~ SP2; Microsoft Windows Any version |
| Recommendation |
Upgrade to MERCUR Mailserver version 4.2 and apply Service Pack 3a from the Atrium Software web site at http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html |
| Related URL | CVE-2003-1177 (CVE) |
| Related URL | 8861, 8889 (SecurityFocus) |
| Related URL | 13468 (ISS) |