Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
BID:1051
Info
Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
| Bugtraq ID: | 1051 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0198 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 14 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Posted to Bugtraq on March 14, 2000 by USSR Labs <[email protected]>. |
| Vulnerable: |
Atrium Software Mercur Mail Server 3.2 |
| Not Vulnerable: | |
Discussion
Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if an overly long string is used as an argument to any of these commands.
Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if an overly long string is used as an argument to any of these commands.
Exploit / POC
Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
USSR Labs has released the following exploits:
Binary POP3 DOS - domrc32p.exe
Binary IMAP DOS - domrc32i.exe
Source Code - merc32ds.zip
|[TDP]| <[email protected]> has provided the following exploit:
Code for Mercur 3.2 vulnerability - mercdos.c
USSR Labs has released the following exploits:
Binary POP3 DOS - domrc32p.exe
Binary IMAP DOS - domrc32i.exe
Source Code - merc32ds.zip
|[TDP]| <[email protected]> has provided the following exploit:
Code for Mercur 3.2 vulnerability - mercdos.c
Solution / Fix
Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Atrium Software Mercur Mail Server 3.2 Multiple Buffer Overflows Vulnerability
References:
References:
- Atrium Software Mercur Mail Server Homepage (Atrium Software)