MERCUR Vulnerabilities
Updated 3/5/01
Impact
A buffer overflow in MERCUR could allow
a remote attacker to execute arbitrary commands
with the privileges of the mail server.
Background
MERCUR is an
e-mail server for Windows. It includes SMTP,
POP, and IMAP services,
and a web configuration service. A companion product,
the WEBVIEW WebMail-Client,
allows users to access their e-mail from any web browser.
The MERCUR SMTP server supports the
EXPN command, which can be used to
verify the existence of a given e-mail address on the server.
The Problem
A buffer overflow in the processing of the EXPN
command could allow a remote attacker to execute arbitrary
commands with the privileges of the mail server, which is
LocalSystem by default.
Other buffer overflow conditions are present in the processing
of user input by the POP service, the IMAP service,
and the WEBVIEW WebMail-Client,
which could result in a denial-of-service attack
against those services.
Resolution
Contact Atrium Software
for a fix.
Where can I read more about this?
The EXPN vulnerability was posted to
Bugtraq.
The denial of service in POP and IMAP
was reported in Underground Security Systems Research advisory
USSR-2000035.
The denial of service in the WEBVIEW WebMail-Client was reported
in Underground Security Systems Research advisory
USSR-2000036.