MERCUR Vulnerabilities
Updated 7/26/02
CAN 2000-0198
CAN 2000-0239
CVE 2001-0280
CAN 2002-1073
Impact
A buffer overflow in MERCUR could allow
a remote attacker to execute arbitrary commands
with the privileges of the mail server.
Background
MERCUR is an
e-mail server for Windows. It includes SMTP,
POP, and IMAP services,
and a web configuration service. A companion product,
the WEBVIEW WebMail-Client,
allows users to access their e-mail from any web browser.
The MERCUR SMTP server supports the
EXPN command, which can be used to
verify the existence of a given e-mail address on the server.
The Problems
- 7/26/02 (CAN 2002-1073)
A buffer overflow in the MERCUR mail server's control service
could allow a remote attacker to execute arbitrary commands.
- 3/5/01 (CVE 2001-0280)
A buffer overflow in the processing of the EXPN
command could allow a remote attacker to execute arbitrary
commands with the privileges of the mail server, which is
LocalSystem by default.
- CAN 2000-0198, CAN 2000-0239
Other buffer overflow conditions are present in the processing
of user input by the POP service, the IMAP service,
and the WEBVIEW WebMail-Client,
which could result in a denial-of-service attack
against those services.
Resolution
Upgrade to MERCUR 4.3, which will presumably contain a fix,
when it becomes available. Upgrades are available from
Atrium Software.
If version 4.3 is not yet available, upgrade to version 4.2
and block the control service (32000/TCP)
at the firewall or network perimeter.
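Until a fixed version is installed, SMTP logs can be reviewed for use of the EXPN command described above. The following is an added example, not part of the original advisory or of MERCUR: the log layout and sample lines are constructed, and the length rule is the general RFC 5321 command-line limit, not a trigger length stated in the advisory.

```python
import re
from dataclasses import dataclass

# RFC 5321 section 4.5.3.1.4: a command line, CRLF included, is at most 512 octets.
MAX_COMMAND_OCTETS = 512

# Assumed log layout (constructed): "<date> <time> <client-ip> C: <raw command line>"
CLIENT_LINE = re.compile(r"^(\S+ \S+) (\S+) C: (.*)$")


@dataclass
class Finding:
    timestamp: str
    client: str
    octets: int
    reason: str


def scan_smtp_log(lines):
    """Return a Finding for every EXPN command sent by a client."""
    findings = []
    for line in lines:
        match = CLIENT_LINE.match(line.rstrip("\r\n"))
        if not match:
            continue  # server replies and lines in other layouts
        timestamp, client, command = match.groups()
        parts = command.split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb != "EXPN":
            continue
        octets = len(command.encode("utf-8", "replace")) + 2  # add the CRLF
        reason = "oversized EXPN" if octets > MAX_COMMAND_OCTETS else "EXPN used"
        findings.append(Finding(timestamp, client, octets, reason))
    return findings


# Constructed sample log, not taken from a real MERCUR installation.
SAMPLE_LOG = [
    "2002-07-26 10:15:01 192.0.2.10 C: HELO client.example",
    "2002-07-26 10:15:01 192.0.2.10 S: 250 mail.example",
    "2002-07-26 10:15:02 192.0.2.10 C: EXPN staff",
    "2002-07-26 10:16:40 203.0.113.7 C: expn " + "A" * 600,
    "2002-07-26 10:16:41 203.0.113.7 C: MAIL FROM:<a@example.org>",
]

if __name__ == "__main__":
    for f in scan_smtp_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} {f.reason} ({f.octets} octets)")
```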
Where can I read more about this?
The buffer overflow in the control service was posted to
Bugtraq.
The EXPN vulnerability was posted to
Bugtraq.
The denial of service in POP and IMAP
was reported in Underground Security Systems Research advisory
USSR-2000035.
The denial of service in the WEBVIEW WebMail-Client was reported
in Underground Security Systems Research advisory
USSR-2000036.