Lucene search

SAINT CorporationSAINT:A130CEAE9B5FCBF679BDFE599E031FF3

HistoryMar 22, 2007 - 12:00 a.m.

Mercury IMAP data continuation buffer overflow

2007-03-2200:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.5%

JSON

Added: 03/22/2007
CVE: CVE-2007-1373
OSVDB: 33883

Background

Mercury Mail Transport System is an e-mail server product for Windows and NetWare.

Problem

A buffer overflow vulnerability in the Mercury IMAP service when processing data continuation specifiers allows remote attackers to execute arbitrary commands by sending a specially crafted LOGIN command.

Resolution

Upgrade to Mercury Mail 4.01c or higher when available.

References

<http://secunia.com/advisories/24367/>

Limitations

Exploit works on Mercury Mail Transport System 4.01a.

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.84 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:A130CEAE9B5FCBF679BDFE599E031FF3