Lucene search

[email protected]CVE-2003-1177

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2003-1177

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

mercur mailserver

4.2

buffer overflow

remote attack

denial of service

arbitrary code

auth command

pop3

imap server

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.225 Low

EPSS

Percentile

96.5%

JSON

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

Affected configurations

NVD

Node

atrium_softwaremercur_mailserverMatch3.3

atrium_softwaremercur_mailserverMatch3.3_sp1

atrium_softwaremercur_mailserverMatch3.3_sp2

atrium_softwaremercur_mailserverMatch4.1

atrium_softwaremercur_mailserverMatch4.1_sp1

atrium_softwaremercur_mailserverMatch4.2

atrium_softwaremercur_mailserverMatch4.2_sp1

atrium_softwaremercur_mailserverMatch4.2_sp2

CPENameOperatorVersion
atrium_software:mercur_mailserveratrium software mercur mailservereq3.3
atrium_software:mercur_mailserveratrium software mercur mailservereq3.3_sp1
atrium_software:mercur_mailserveratrium software mercur mailservereq3.3_sp2
atrium_software:mercur_mailserveratrium software mercur mailservereq4.1
atrium_software:mercur_mailserveratrium software mercur mailservereq4.1_sp1
atrium_software:mercur_mailserveratrium software mercur mailservereq4.2
atrium_software:mercur_mailserveratrium software mercur mailservereq4.2_sp1
atrium_software:mercur_mailserveratrium software mercur mailservereq4.2_sp2

CPE	Name	Operator	Version
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	3.3
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	3.3_sp1
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	3.3_sp2
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	4.1
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	4.1_sp1
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	4.2
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	4.2_sp1
atrium_software:mercur_mailserver	atrium software mercur mailserver	eq	4.2_sp2

References

archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html

secunia.com/advisories/10038

www.atrium-software.com/mail%20server/pub/mcr42sp3a.html

www.osvdb.org/2688

www.securiteam.com/windowsntfocus/6U00N1P8KC.html

www.securityfocus.com/bid/8861

www.securityfocus.com/bid/8889

exchange.xforce.ibmcloud.com/vulnerabilities/13468

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.225 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2003-1177

nessus1 cvelist2 nvd2 cve1 prion1