MERCUR Messaging IMAP Server NTLM Authentication NTLMSSP Argument Remote Overflow

Nessus Plugin ID 25118 (Critical)

Synopsis

The remote mail server is vulnerable to a buffer overflow attack.

Description

The remote host is running MERCUR Messaging, a commercial mail server for Windows.

The IMAP server component of MERCUR Messaging is affected by a buffer overflow vulnerability involving its support for NTLM authentication. An unauthenticated, remote attacker can leverage this issue to crash the IMAP service or execute arbitrary code remotely.

Note that MERCUR Messaging's IMAP server runs as a service with LOCAL SYSTEM privileges by default.

Solution

Unknown at this time.

Plugin Details

Severity: Critical

ID: 25118

File Name: mercur_imap_ntlm_overflow.nasl

Version: 1.16

Type: remote

Published: 4/30/2007

Updated: 7/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/20/2007

Reference Information

CVE: CVE-2007-1578

BID: 23058