IMAP: Mailbox Name Buffer Overflow
This protocol anomaly triggers when it detects an IMAP mailbox name that is too long. This can indicate a buffer overflow attempt.
Extended Description
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Currently, few technical details are available. This BID will be updated as more information becomes available. This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability). An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
Atrium_software mercur_messaging_2005_standard_edition
Short Name
IMAP:OVERFLOW:MAILBOX
Severity
Major
Recommended
True
Recommended Action
None
Category
IMAP
Keywords
Buffer CVE-2005-0707 CVE-2005-3691 CVE-2006-1255 CVE-2006-6290 Mailbox Name Overflow bid:14315 bid:15492 bid:17138 bid:23050 bid:41704
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3671
False Positive
Unknown
Vendors
Atrium_software
CVSS Score
6.5
10.0
7.2
5.0