Mercury IMAP Server <= 4.52 SEARCH Command Buffer Overflow
Medium Nessus Network Monitor Plugin ID 4220
Synopsis
The remote IMAP server is affected by a buffer overflow vulnerability.
Description
The remote host is running the Mercury Mail Transport System, a free suite of server products for Windows and NetWare associated with Pegasus Mail. The remote installation of Mercury Mail includes an IMAP server that is affected by a buffer overflow vulnerability. Using a specially crafted SEARCH command, an authenticated remote attacker can leverage this issue to crash the remote application and even execute arbitrary code, subject to the privileges under which the application runs.
Solution
Upgrade to a version higher than 4.52.