SAINT Corporation, SAINT:ED3F0A93B8A857B07D460B4B4F7987AA
Jul 10, 2006 - 12:00 a.m.

MERCUR Messaging IMAP LOGIN command buffer overflow

2006-07-10 00:00:00
SAINT Corporation
www.saintcorporation.com

EPSS: 0.895 (High), percentile 98.8%

Added: 07/10/2006
CVE: CVE-2006-1255
BID: 17138
OSVDB: 23950

Background

MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.

Problem

A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote attackers to execute arbitrary commands.

Resolution

Apply MERCUR Messaging 2005 Service Pack 4 or higher.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1104.html>

Limitations

Exploit works on MERCUR Messaging 2005 Service Pack 3.

Platforms

Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 / Windows 2000 SP4
Windows XP SP0 / Windows XP SP1
Windows XP / Windows XP SP2
Windows Server 2003
Windows Server 2003 SP1
