Mercury Mail Remote IMAP Server Remote Overflow

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote IMAP server has multiple buffer overflow vulnerabilities.

Description :

The remote host is running Mercury Mail server, an IMAP server for
Windows.

According to its banner, the version of Mercury Mail running on the
remote host has multiple stack-based buffer overflow vulnerabilities.
A remote, authenticated attacker could exploit these issues to crash
the service or execute arbitrary code.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0028.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0099.html

Solution :

Upgrade to the latest version of this software.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 15867 ()

Bugtraq ID: 11775
11788

CVE ID: CVE-2004-1211