OSVDB ID: 12508 Title: Mercury Mail Transport System IMAP Server Multiple Command Remote Overflow |
Info |
|
|
Dates |
||||
|
|
Description |
A buffer overflow exists in Mercury Mail. The IMAP server fails to validate input passed to the EXAMINE, SUBSCRIBE, STATUS, APPEND, CHECK, CLOSE, EXPUNGE, FETCH, RENAME, DELETE, LIST, SEARCH, CREATE, and UNSUBSCRIBE commands resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Classification |
Location:
Remote / Network Access
Attack Type: Input Manipulation Impact: Loss of Integrity Solution: Patch / RCS Exploit: Exploit Public, Exploit Commercial Disclosure: Uncoordinated Disclosure OSVDB: Authentication Required |
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, David Harris has released a patch to address this vulnerability. |
Products |
|
Credit |
|