Computer Security
[EN] securityvulns.ru no-pyccku


Atrium Mercur Mailserver IMAPD buffer overflow
Published:22.03.2007
Source:
SecurityVulns ID:7446
Type:remote
Threat Level:
6/10
Description:Multiple buffer overflows in IMAP NTLM authentication implementation. Buffer overflow in SUBSCRIBE command.
Affected:ATRIUM : Mercur Mailserver 5.0
CVE:CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.)
 CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.)
 CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.)
Original documentdocumentmu-b, [Full-disclosure] Mercur SP4 IMAPD (22.03.2007)
Files:Mercur v5.00.14 (win32) remote exploit
 Exploits Mercur Messaging 2005 SP3 IMAP service - Egghunter mod
 Remote exploit for the stack overflow vulnerability in Mercur Messaging 2005 SP3 IMAP service

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod