IMAP: SUBSCRIBE Command Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Atrium Software's Mercur IMAP Server. Versions 5.00.14 SP4 and prior are vulnerable. IPSwitch IMail Server is also vulnerable. Attackers can perform a buffer overflow in the IMAP server allowing remote code execution.
Extended Description
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Currently, few technical details are available. This BID will be updated as more information becomes available. This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability). An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
Atrium_software mercur_messaging_2005_standard_edition
References
CVE: CVE-2006-6761
URL: http://www.securityfocus.com/bid/23050 http://www.frsirt.com/english/advisories/2007/1092 https://www.immunityinc.com/downloads/immpartners/mercurimapsubscribe.tar http://www.ipswitch.com/support/ics/updates/ics200621.asp http://www.zerodayinitiative.com/advisories/zdi-07-043.html
Short Name
IMAP:MER-SUBSCRIBE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
IMAP
Keywords
Buffer CVE-2006-6761 CVE-2007-1579 CVE-2007-2795 Command Overflow SUBSCRIBE bid:23050 bid:24962
Release Date
04/27/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3728
False Positive
Unknown
Vendors
Atrium_software
CVSS Score
6.5
9.0
10.0