Lucene search

SAINT CorporationSAINT:B58FFB605A04F29B9DC27C661566C591

HistoryFeb 02, 2006 - 12:00 a.m.

Mercury Mail Transport System Phonebook service buffer overflow

2006-02-0200:00:00

SAINT Corporation

my.saintcorporation.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.945 High

EPSS

Percentile

99.2%

JSON

Added: 02/02/2006
CVE: CVE-2005-4411
BID: 16396
OSVDB: 22103

Background

Mercury Mail Transport System is a free mail server for Windows and Netware platforms. It includes a Phone Book service which runs on port 105/TCP.

Problem

A buffer overflow vulnerability in the Phone Book service allows remote command execution.

Resolution

Install the latest patch.

References

<http://securitytracker.com/alerts/2005/Dec/1015374.html>

Limitations

Exploit works on Mercury Mail Transport System 4.01a and 4.01b for Windows.

Platforms

Windows

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.945 High

EPSS

Percentile

99.2%

JSON

Related for SAINT:B58FFB605A04F29B9DC27C661566C591