Mercury Mail Transport System < 4.01b ph Service Buffer Overflow

Critical Nessus Network Monitor Plugin ID 3383

Synopsis

The remote ph service is affected by a buffer overflow vulnerability.

Description

The remote host is running the Mercury Mail Transport System, a free suite of server products for Windows and NetWare associated with Pegasus Mail. The remote installation of Mercury includes a ph server that is vulnerable to buffer overflow attacks. By leveraging this issue, an unauthenticated remote attacker is able to crash the remote service and possibly execute arbitrary code remotely.

Solution

Upgrade to version 4.01b or higher.

See Also

http://www.milw0rm.com/id.php?id=1375

http://www.pmail.com/newsflash.htm#whfix

http://www.pmail.com/patches.htm

Plugin Details

Severity: Critical

ID: 3383

Family: IMAP Servers

Published: 2006/01/26

Modified: 2018/09/16

Dependencies: 3384, 1086

Nessus ID: 20812

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:david_harris:mercury_mail_transport_system

Exploitable With

Core Impact

Metasploit (Mercury/32 <= v4.01b PH Server Module Buffer Overflow)

Reference Information

CVE: CVE-2005-4411

BID: 16396