OSVDB ID: 33545

Title: MERCUR Messaging/Mailserver IMAP NTLM Authentication NTLMSSP Argument Remote Overflow

Info

Disclosure

Mar 20, 2007

Discovery

Unknown

Dates

Exploit

Mar 20, 2007

Solution

Unknown

Description

A remote overflow exists in Mercur Messaging/Mailserver. The IMAP service fails to provide proper boundary checking when processing NTLM data resulting in a stack-based overflow. With a specially crafted NTLM authentication request provided with a long NTLMSSP argument, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Atrium Software	MERCUR Mailserver	4.3 SP3
Atrium Software	Messaging Server	2005 SP4

References

Security Tracker: 1017798
CVE ID: 2007-1578 (see also: NVD)
Bugtraq ID: 23058
Secunia Advisory ID: 24596
ISS X-Force ID: 33120
Milw0rm: 3527
Exploit Database: 3527
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0280.html
Vendor URL: http://www.atrium-software.com
Generic Exploit URL: http://www.digit-labs.org/files/exploits/mercur-v1.pl
http://www.saintcorporation.com
http://www.saintcorporation.com/cgi-bin/exploit_info/mercur_imap_ntlmssp

Credit

mu-b - mu-bdigit-labs.org -

Direct URL: http://osvdb.org/33545

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Atrium Software

MERCUR Mailserver

Messaging Server

References

Credit