MERCUR Messaging Control Server Multiple Buffer Overflows

high Nessus Plugin ID 19600

Synopsis

The remote administrative system has multiple buffer overflow vulnerabilities.

Description

The remote host is running MERCUR Messaging Control Server, a telnet/web server used to control MERCUR Messaging software.

According to its banner, the remote version of this software is affected by multiple buffer overflow vulnerabilities. A remote attacker could exploit these flaws by sending specially crafted packets to port 32000, leading to a denial of service or possibly arbitrary code execution.

Solution

Upgrade to MERCUR Messaging 2005+SP3 or later.

Plugin Details

Severity: High

ID: 19600

File Name: mercur_control_overflow.nasl

Version: 1.10

Type: remote

Agent: windows

Family: Windows

Published: 9/8/2005

Updated: 9/21/2012

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P