MERCUR Vulnerabilities

Updated 3/5/01

Impact

A buffer overflow in MERCUR could allow a remote attacker to execute arbitrary commands with the privileges of the mail server.

Background

MERCUR is an e-mail server for Windows. It includes SMTP, POP, and IMAP services, and a web configuration service. A companion product, the WEBVIEW WebMail-Client, allows users to access their e-mail from any web browser.

The MERCUR SMTP server supports the EXPN command, which can be used to verify the existence of a given e-mail address on the server.

The Problem

A buffer overflow in the processing of the EXPN command could allow a remote attacker to execute arbitrary commands with the privileges of the mail server, which is LocalSystem by default.

Other buffer overflow conditions are present in the processing of user input by the POP service, the IMAP service, and the WEBVIEW WebMail-Client, which could result in a denial-of-service attack against those services.

Resolution

Contact Atrium Software for a fix.

Where can I read more about this?

The EXPN vulnerability was posted to Bugtraq.

The denial of service in POP and IMAP was reported in Underground Security Systems Research advisory USSR-2000035.

The denial of service in the WEBVIEW WebMail-Client was reported in Underground Security Systems Research advisory USSR-2000036.