Lucene search
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.MERCURY_MAIL_STACK.NASLHistoryNov 30, 2004 - 12:00 a.m.
Mercury Mail Remote IMAP Server Remote Overflow
2004-11-3000:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
60
The remote host is running Mercury Mail server, an IMAP server for Windows.
According to its banner, the version of Mercury Mail running on the remote host has multiple stack-based buffer overflow vulnerabilities.
A remote, authenticated attacker could exploit these issues to crash the service or execute arbitrary code.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if(description)
{
script_id(15867);
script_version ("1.17");
script_cve_id("CVE-2004-1211");
script_bugtraq_id(11775, 11788);
script_xref(name:"EDB-ID", value:"1375");
script_xref(name:"Secunia", value:"13348");
script_name(english:"Mercury Mail Remote IMAP Server Remote Overflow");
script_summary(english:"Checks for version of Mercury Mail");
script_set_attribute(
attribute:"synopsis",
value:"The remote IMAP server has multiple buffer overflow vulnerabilities."
);
script_set_attribute(attribute:"description", value:
"The remote host is running Mercury Mail server, an IMAP server for
Windows.
According to its banner, the version of Mercury Mail running on the
remote host has multiple stack-based buffer overflow vulnerabilities.
A remote, authenticated attacker could exploit these issues to crash
the service or execute arbitrary code." );
script_set_attribute(
attribute:"see_also",
value:"https://seclists.org/fulldisclosure/2004/Dec/45"
);
script_set_attribute(
attribute:"see_also",
value:"https://seclists.org/fulldisclosure/2004/Dec/116"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade to the latest version of this software."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mercury/32 v4.01a IMAP RENAME Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/30");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/29");
script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gain a shell remotely");
script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
script_dependencie("find_service2.nasl");
script_require_ports("Services/imap", 143);
script_exclude_keys("imap/false_imap");
exit(0);
}
#
# The script code starts here
#
include("imap_func.inc");
port = get_kb_item("Services/imap");
if(!port) port = 143;
banner = get_imap_banner(port:port);
if ( ! banner ) exit(0);
if(egrep(pattern:"^\* OK.*IMAP4rev1 Mercury/32 v([0-3]\..*|4\.(00.*|01[^b-z].*))server ready.*", string:banner))
{
security_hole(port);
}
Related
packetstorm
packetstorm
Mercury/32 v4.01a IMAP RENAME Buffer Overflow
2009-11-26 00:00:00
saint
saint
Mercury Mail IMAP DELETE command buffer overflow
2006-09-18 00:00:00
Mercury Mail IMAP DELETE command buffer overflow
2006-09-18 00:00:00
Mercury Mail IMAP DELETE command buffer overflow
2006-09-18 00:00:00
cvelist
cvelist
CVE-2004-1211
2004-12-15 05:00:00
CVE-2007-5018
2007-09-20 21:00:00
cve
cve
CVE-2004-1211
2005-01-10 05:00:00
CVE-2007-5018
2007-09-20 21:17:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Stack overflow
2007-09-20 21:17:00
Related for MERCURY_MAIL_STACK.NASL