Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
BID:25733
Info
Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 25733 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5018 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 19 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | void is credited with the discovery of this issue. |
| Vulnerable: |
Pegasus Mail Mercury/32 4.52 |
| Not Vulnerable: | |
Discussion
Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
Mercury/32 is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
To exploit this issue, attackers must have authenticated access to the affected application.
An attacker can exploit this issue to execute arbitrary machine code within the context of the user running the application. Failed exploit attempts will result in a denial-of-service vulnerability.
This issue affects Mercury/32 4.52; other versions may also be affected.
Mercury/32 is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
To exploit this issue, attackers must have authenticated access to the affected application.
An attacker can exploit this issue to execute arbitrary machine code within the context of the user running the application. Failed exploit attempts will result in a denial-of-service vulnerability.
This issue affects Mercury/32 4.52; other versions may also be affected.
Exploit / POC
Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
References:
References:
- Mercury/32 Homepage (Pegasus Mail)