Signature Detail
Short Name |
SMTP:VULN:MERCUR-3-3 |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
SMTP |
Keywords |
Vulnerable Mercur Mailserver version (< 3.3x) |
Release Date |
2005/02/02 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Vulnerable Mercur Mailserver version (< 3.3x)
This signature detects Mercur Mailserver versions prior to 3.3x. These versions are vulnerable to directory traversals and multiple buffer overflow vulnerabilities. Any authenticated user could read other user's messages and an attacker could run malicious code on the remote server.
Extended Description
Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if an overly long string is used as an argument to any of these commands.
Affected Products
- Atrium Software Mercur Mail Server 3.2.0
References
- BugTraq: 1051
- CVE: CVE-2000-0198
- URL: http://www.securityfocus.com/archive/1/64816
- URL: http://www.securityfocus.com/advisories/2120