Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2003-1177
Last Modified 05 Sep 2008 04:36:14
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1177

Summary

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

Vulnerable Systems

Application

  • Atrium Software Mercur Mailserver 3.3

  • Atrium Software Mercur Mailserver 3.3 Sp1

  • Atrium Software Mercur Mailserver 3.3 Sp2

  • Atrium Software Mercur Mailserver 4.1

  • Atrium Software Mercur Mailserver 4.1 Sp1

  • Atrium Software Mercur Mailserver 4.2

  • Atrium Software Mercur Mailserver 4.2 Sp1

  • Atrium Software Mercur Mailserver 4.2 Sp2


References

SECUNIA - 10038

XF - mercur-auth-command-dos(13468)

BID - 8889

BID - 8861

MISC - http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html

OSVDB - 2688

FULLDISC - 20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below

CONFIRM - http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html


Last Updated: 27 May 2016 10:38:16