Signature Detail

Short Name	SMTP:VULN:MERCUR-4-2
Severity	Info
Recommended	No
Category	SMTP
Keywords	Vulnerable Mercur Mailserver version (3.3 through 4.2)
Release Date	2005/01/28
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: Vulnerable Mercur Mailserver version (3.3 through 4.2)

This signature detects Mercur Mailserver version 3.3 through 4.2. These versions contain a buffer overflow vulnerability that enables attackers to run malicious code on a remote server.

Extended Description

A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain unauthorized access to a vulnerable system.

Affected Products

Atrium Software MERCUR Mailserver 3.3.0
Atrium Software MERCUR Mailserver 3.3.0 SP1
Atrium Software MERCUR Mailserver 3.3.0 SP2
Atrium Software MERCUR Mailserver 4.0.0 1
Atrium Software MERCUR Mailserver 4.0.0 1 SP1
Atrium Software MERCUR Mailserver 4.2.0
Atrium Software MERCUR Mailserver 4.2.0 SP1
Atrium Software MERCUR Mailserver 4.2.0 SP2

References

BugTraq: 8861
CVE: CVE-2000-0239
URL: http://www.ussrback.com/labs36.html
URL: http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=MERCUR_vulnerabilities.html&fact_color=doc&tag=

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

SMTP: Vulnerable Mercur Mailserver version (3.3 through 4.2)

Extended Description

Affected Products

References