Mercury IMAP Server SEARCH Command Remote Buffer Overflow

This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.


Synopsis :

The remote IMAP server is affected by a buffer overflow vulnerability.

Description :

The remote host is running the Mercury Mail Transport System, a free
suite of server products for Windows and NetWare associated with
Pegasus Mail.

The remote installation of Mercury Mail includes an IMAP server that
is affected by a buffer overflow vulnerability. Using a specially-
crafted SEARCH command, an authenticated, remote attacker can leverage
this issue to crash the remote application and even execute arbitrary
code remotely, subject to the privileges under which the application
runs.

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 26067 ()

Bugtraq ID: 25733

CVE ID: CVE-2007-5018