SMTP: Vulnerable Mercur Mailserver version (< 3.3x)
This signature detects Mercur Mailserver versions prior to 3.3x. These versions are vulnerable to directory traversals and multiple buffer overflow vulnerabilities. Any authenticated user could read other user's messages and an attacker could run malicious code on the remote server.
Extended Description
Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3 "user" command and the IMAP "login" command. The application will crash if an overly long string is used as an argument to any of these commands.
Affected Products
Atrium_software mercur_mail_server
References
BugTraq: 1051
CVE: CVE-2000-0198
URL: http://www.securityfocus.com/archive/1/64816 http://www.securityfocus.com/advisories/2120
Short Name
SMTP:VULN:MERCUR-3-3
Severity
Info
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
(< 3.3x) CVE-2000-0198 Mailserver Mercur Vulnerable bid:1051 version
Release Date
02/02/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Atrium_software
CVSS Score
5.0