SMTP: Mercury Mail Transport System AUTH Overflow
This signature detects attempts to exploit a known vulnerability in the Mercury Mail Transport System. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Mercury Mail Transport System is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling AUTH CRAM-MD5 requests. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise the computer. Failed exploit attempts will result in a denial of service. Versions prior to Mercury/32 v4.52 and Mercury/NLM v1.49 are vulnerable. UPDATE (August 28, 2007): Symantec has confirmed that this issue is being actively exploited in the wild.
Affected Products
Pegasus_mail mercury_mail_transport_system
Short Name
SMTP:MERCMAIL-AUTH-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
AUTH CVE-2007-4440 Mail Mercury Overflow System Transport bid:25357
Release Date
10/14/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3729
False Positive
Unknown
Vendors
Pegasus_mail
CVSS Score
7.5