Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:AF0AE2CE34639BE39992D1BCE6CD1B63
HistoryJul 10, 2006 - 12:00 a.m.

MERCUR Messaging IMAP LOGIN command buffer overflow

2006-07-1000:00:00
SAINT Corporation
download.saintcorporation.com
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.895 High

EPSS

Percentile

98.8%

JSON

Added: 07/10/2006
CVE: CVE-2006-1255
BID: 17138
OSVDB: 23950

Background

MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote attackers to execute arbitrary commands.

Resolution

Apply MERCUR Messaging 2005 Service Pack 4 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1104.html&gt;

Limitations

Exploit works on MERCUR Messaging 2005 Service Pack 3.

Platforms

Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 / Windows 2000 SP4
Windows XP SP0 / Windows XP SP1
Windows XP / Windows XP SP2
Windows Server 2003
Windows Server 2003 SP1

Related

canvas 1
openvas 2
saint 3
packetstorm 2
nessus 1
cve 1
cvelist 1
nvd 1
prion 1
checkpoint_advisories 1
canvas
canvas
Immunity Canvas: VSPLOIT_MERCURIMAP
2006-03-19 01:02:00
openvas
openvas
Mercur Mailserver/Messaging <= 5.0 IMAP Overflow Vulnerability
2008-08-22 00:00:00
Mercur Mailserver/Messaging version <= 5.0 IMAP Overflow Vulnerability
2008-08-22 00:00:00
saint
saint
MERCUR Messaging IMAP LOGIN command buffer overflow
2006-07-10 00:00:00
MERCUR Messaging IMAP LOGIN command buffer overflow
2006-07-10 00:00:00
MERCUR Messaging IMAP LOGIN command buffer overflow
2006-07-10 00:00:00
packetstorm
packetstorm
Mercur v5.0 IMAP SP3 SELECT Buffer Overflow
2009-11-26 00:00:00
Mercur Messaging 2005 IMAP Login Buffer Overflow
2009-11-26 00:00:00
nessus
nessus
MERCUR Messaging IMAP Service Multiple Command Remote Overflow
2006-03-22 00:00:00
cve
cve
CVE-2006-1255
2006-03-19 01:02:00
cvelist
cvelist
CVE-2006-1255
2006-03-19 01:00:00
nvd
nvd
CVE-2006-1255
2006-03-19 01:02:00
prion
prion
Stack overflow
2006-03-19 01:02:00
checkpoint_advisories
checkpoint_advisories
IMAP Servers Overly Long Commands Buffer Overflow (CVE-2005-3155; CVE-2006-0853; CVE-2006-1255; CVE-2006-2502; CVE-2006-2646; CVE-2007-1579)
2006-12-14 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.895 High

EPSS

Percentile

98.8%

JSON
Related for SAINT:AF0AE2CE34639BE39992D1BCE6CD1B63
canvas1openvas2saint3packetstorm2nessus1cve1cvelist1nvd1prion1checkpoint_advisories1