Lucene search
SAINT CorporationSAINT:22E7286F9783F05DBFC7B5B9CDBD5350HistoryOct 05, 2007 - 12:00 a.m.
Mercury Mail SMTP AUTH CRAM-MD5 buffer overflow
2007-10-0500:00:00
SAINT Corporation
download.saintcorporation.com
24
0.816 High
EPSS
Percentile
98.4%
Added: 10/05/2007
CVE: CVE-2007-4440
BID: 25357
OSVDB: 39669
Background
Mercury Mail Transport System is an e-mail server product for Windows and NetWare.
Problem
A buffer overflow vulnerability in the SMTP service allows remote attackers to execute arbitrary commands by sending a specially crafted argument to the **AUTH CRAM-MD5** command.
Resolution
Upgrade to Mercury Mail Transport System version 4.52 or higher.
References
<http://secunia.com/advisories/26519>
<http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0341.html>
Limitations
Exploit works on Mercury Mail Transport System 4.51.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Mercury SMTP Server AUTH CRAM-MD5 Remote Buffer Overflow
2007-08-23 00:00:00
saint
saint
Mercury Mail SMTP AUTH CRAM-MD5 buffer overflow
2007-10-05 00:00:00
Mercury Mail SMTP AUTH CRAM-MD5 buffer overflow
2007-10-05 00:00:00
Mercury Mail SMTP AUTH CRAM-MD5 buffer overflow
2007-10-05 00:00:00
packetstorm
packetstorm
Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow
2009-11-26 00:00:00
prion
prion
Stack overflow
2007-08-21 00:17:00
cve
cve
CVE-2007-4440
2007-08-21 00:17:00
cvelist
cvelist
CVE-2007-4440
2007-08-21 00:00:00
nvd
nvd
CVE-2007-4440
2007-08-21 00:17:00