SAINT CorporationSAINT:81D521A2B2D644960159B8B22E87997EMERCUR imapd SUBSCRIBE command buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.593 Medium
EPSS
Percentile
97.7%
Added: 03/27/2007
CVE: CVE-2007-1579
BID: 23050
OSVDB: 33546
Background
[MERCUR Messaging Server](<http://www.atrium-software.com/index.php?conte
nt=mercur>) is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.
Problem
A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted SUBSCRIBE command to the IMAP service.
Resolution
Upgrade to MERCUR Messaging Server 5.0 SP5 or higher when available.
References
<http://secunia.com/advisories/24619/>
Limitations
Exploit works on MERCUR Messaging Server 5.0 SP3 and SP4 and requires a valid user name and password.
The number of characters in the mail domain should be correct in order for the exploit to succeed.
Platforms
Windows 2000
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.593 Medium
EPSS
Percentile
97.7%