MERCUR Messaging IMAP Service Multiple Command Remote Overflow

critical Nessus Plugin ID 21116

Synopsis

The remote IMAP server is affected by a remote buffer overflow vulnerability.

Description

The remote host is running MERCUR Messaging Server / Mailserver, a commercial messaging application for Windows.

The IMAP server component of this software fails to copy overly long arguments to the LOGIN and SELECT commands safely, which can be exploited to crash the server and possibly to execute arbitrary code remotely.

Note that the services run by default with LOCAL SYSTEM privileges, which means that an unauthenticated attacker can potentially gain complete control of the affected host.

Solution

No patch information is available at this time. Filter access to the IMAP4 service so that only trusted sources can use it.
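
A detection check to complement the filtering above, as an added example that is not part of the Nessus plugin or the original advisory: it flags IMAP client lines whose LOGIN or SELECT arguments are unusually long. The 128-byte limit, the function names and the sample lines are assumptions constructed for illustration; the page does not state an overflow length.

```python
import re

# Assumption: the advisory gives no overflow length, so this limit is a local
# policy choice for illustration, not a property of MERCUR.
MAX_ARG_LEN = 128
WATCHED = {"LOGIN", "SELECT"}  # the two commands named in the advisory

# One argument: quoted string, literal marker {n} / {n+}, or bare atom.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|\{(\d+)\+?\}|(\S+)')

def arg_lengths(rest):
    """Length of each argument; a literal counts as its announced size."""
    lengths = []
    for quoted, literal, atom in _TOKEN.findall(rest):
        if literal:
            lengths.append(int(literal))
        else:
            lengths.append(len(atom or quoted))
    return lengths

def check_line(line, limit=MAX_ARG_LEN):
    """Return (command, longest_arg) for an oversized watched command, else None."""
    parts = line.rstrip("\r\n").split(None, 2)  # tag, command, arguments
    if len(parts) < 3 or parts[1].upper() not in WATCHED:
        return None
    longest = max(arg_lengths(parts[2]), default=0)
    return (parts[1].upper(), longest) if longest > limit else None

def scan(lines, limit=MAX_ARG_LEN):
    """Return (line_number, command, longest_arg) for every flagged line."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            if (hit := check_line(line, limit))]

# Constructed sample of client-to-server lines (not captured traffic).
SAMPLE = [
    'a001 LOGIN alice "correct horse"\r\n',
    "a002 SELECT INBOX\r\n",
    "a003 LOGIN " + "A" * 600 + " x\r\n",
    'a004 select "' + "B" * 300 + '"\r\n',
    "a005 LOGIN {4096}\r\n",                 # literal announcing 4096 bytes
    "a006 FETCH 1 " + "C" * 600 + "\r\n",    # long, but not a watched command
]

if __name__ == "__main__":
    for n, cmd, size in scan(SAMPLE):
        print(f"line {n}: {cmd} argument of {size} bytes exceeds {MAX_ARG_LEN}")
```

Because the commands can be sent before authentication, the check is only useful on traffic or logs that record pre-login client lines.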

See Also

https://seclists.org/fulldisclosure/2006/Mar/1111

Plugin Details

Severity: Critical

ID: 21116

File Name: mercur_imap_buffer_overflow.nasl

Version: 1.19

Type: remote

Published: 3/22/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/16/2006

Exploitable With

CANVAS (CANVAS)

Metasploit (Mercur Messaging 2005 IMAP Login Buffer Overflow)

Reference Information

CVE: CVE-2006-1255

BID: 17138