Mercury SMTP Server AUTH CRAM-MD5 Remote Buffer Overflow

This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.


Synopsis :

The remote mail server is affected by a buffer overflow vulnerability.

Description :

The remote host is running the Mercury Mail Transport System, a free
suite of server products for Windows and NetWare associated with
Pegasus Mail.

The version of Mercury Mail installed on the remote host includes an
SMTP server that is affected by a buffer overflow flaw. Using a
specially crafted 'AUTH CRAM-MD5' request, an unauthenticated, remote
attacker can leverage this issue to crash the remote application and
even execute arbitrary code remotely, subject to the privileges under
which the application runs.

See also :

http://www.nessus.org/u?349dac79
http://community.pmail.com/forums/thread/3816.aspx
http://www.pmail.com/m32_451.htm

Solution :

Upgrade to Mercury/32 v4.52 or later, or apply the 4.01c / 1.49
security patch.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 25928

Bugtraq ID: 25357

CVE ID: CVE-2007-4440