Lucene search

SAINT CorporationSAINT:73DA212D6A4479B2884731D274276E81

HistoryFeb 02, 2006 - 12:00 a.m.

Mercury Mail Transport System Phonebook service buffer overflow

2006-02-0200:00:00

SAINT Corporation

download.saintcorporation.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.945 High

EPSS

Percentile

99.2%

JSON

Added: 02/02/2006
CVE: CVE-2005-4411
BID: 16396
OSVDB: 22103

Background

Mercury Mail Transport System is a free mail server for Windows and Netware platforms. It includes a Phone Book service which runs on port 105/TCP.

Problem

A buffer overflow vulnerability in the Phone Book service allows remote command execution.

Resolution

Install the latest patch.

References

<http://securitytracker.com/alerts/2005/Dec/1015374.html>

Limitations

Exploit works on Mercury Mail Transport System 4.01a and 4.01b for Windows.

Platforms

Windows

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.945 High

EPSS

Percentile

99.2%

JSON

Related for SAINT:73DA212D6A4479B2884731D274276E81