Detections
Analytics

Mercur Mailserver Remote Overflow

medium Nessus Network Monitor Plugin ID 3480

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote IMAP server is running Mercur Mailserver.

This version of Mercur is vulnerable to a flaw where remote users can send specially crafted IMAP LOGIN and SELECT commands. Upon parsing of these commands, the Mercur Mailserver crashes, potentially executing arbitrary system code.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.atrium-software.com

Plugin Details

Severity: Medium

ID: 3480

Family: IMAP Servers

Published: 3/20/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:atrium_software:mercur_messaging_2005

Exploitable With

CANVAS (CANVAS)

Metasploit (Mercur Messaging 2005 IMAP Login Buffer Overflow)

Reference Information

CVE: CVE-2006-1255, CVE-2006-7038, CVE-2006-7039, CVE-2006-7040, CVE-2006-7041

BID: 17138, 18462