Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1211

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1211
Last Modified 05 Sep 2008 04:40:42
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1211

Summary

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

Vulnerable Systems

Application

  • David Harris Mercury 4.0.1a


References

BID - 11775

XF - mercury-command-bo(18318)

OSVDB - 12508

SECUNIA - 13348

BUGTRAQ - 20041201 Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.

CONFIRM - http://home.kabelfoon.nl/~jaabogae/han/m_401b.html


Last Updated: 27 May 2016 10:38:56