Atrium Mercur Mailserver IMAPD buffer overflow
Published:		22.03.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		7446
Type:		remote
Level:		6/10
Description:		Multiple buffer overflows in IMAP NTLM authentication implementation. Buffer overflow in SUBSCRIBE command.

Affected:		ATRIUM : Mercur Mailserver 5.0
CVE:		CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.)
		CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.)
		CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.)

Original document

mu-b, [Full-disclosure] Mercur SP4 IMAPD (22.03.2007)

Files:		Exploits Mercur Messaging 2005 SP3 IMAP service - Egghunter mod
		Remote exploit for the stack overflow vulnerability in Mercur Messaging 2005 SP3 IMAP service
		Mercur v5.00.14 (win32) remote exploit
Discuss:		Read or add your comments to this news (0 comments)