MERCUR Mailserver SMTP / IMAP / POP3 Servers Remote Overflows

This script is Copyright (C) 2003-2017 Tenable Network Security, Inc.


Synopsis :

The remote mail server is prone to a buffer overflow attack.

Description :

The remote Atrium MERCUR SMTP server (mail server) seems to be
vulnerable to a remote buffer overflow. Successful exploitation of
this vulnerability would give a remote attacker administrative access
to the mail server and access to potentially confidential data.

The IMAP and POP3 servers are affected by similar issues involving the
AUTHENTICATE and AUTH commands respectively.

See also :

http://seclists.org/fulldisclosure/2003/Oct/1427

Solution :

Upgrade to MERCUR Mailserver 4.2 SP3a or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11910 ()

Bugtraq ID: 8861
8889

CVE ID: CVE-2003-1177

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now