Reported June 24, 2003, by NC Agent.

 

 

VERSIONS AFFECTED

 

  • Atrium Software MERCUR Mail Server 4.02.09

 

DESCRIPTION

 

  • Multiple buffer-overflow vulnerabilities in Atrium Software MERCUR Mail Server 4.02.09 can result in the execution of arbitrary code on the vulnerable computer. If an attacker uses the EXAMINE, DELETE, SUBSCRIBE, RENAME, UNSUBSCRIBE, LIST, LSUB, STATUS, LOGIN, CREATE, or SELECT command to send a large amount of data, a buffer will overflow and cause the server to crash.
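The condition described above (an oversized argument to one of the listed commands, all of which are IMAP4rev1 client commands) can be looked for in captured client-to-server traffic. The following is an added example, not part of the original advisory or of the vendor's code; the 512-byte threshold, the function names and the sample lines are assumptions.

```python
import re

# Commands named in the advisory (all are IMAP4rev1 client commands).
ADVISORY_COMMANDS = {
    "EXAMINE", "DELETE", "SUBSCRIBE", "RENAME", "UNSUBSCRIBE", "LIST",
    "LSUB", "STATUS", "LOGIN", "CREATE", "SELECT",
}
# Assumption: the advisory states no size, so this alert threshold is a tunable guess.
MAX_ARG_BYTES = 512

LINE_RE = re.compile(rb"^(\S+) +([A-Za-z]+)(?: +(.*))?$", re.S)  # tag, command, args
LITERAL_RE = re.compile(rb"\{(\d+)\+?\}$")  # IMAP literal announcement, e.g. {4096}


def check_imap_line(line: bytes, max_arg=MAX_ARG_BYTES):
    """Return (command, size, reason) if the client line is suspicious, else None."""
    m = LINE_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    command = m.group(2).decode("ascii").upper()  # IMAP commands are case-insensitive
    if command not in ADVISORY_COMMANDS:
        return None
    args = m.group(3) or b""
    lit = LITERAL_RE.search(args)
    if lit and int(lit.group(1)) > max_arg:
        return (command, int(lit.group(1)), "oversized literal announced")
    if len(args) > max_arg:
        return (command, len(args), "oversized inline argument")
    return None


def scan(lines, max_arg=MAX_ARG_BYTES):
    """Scan captured client-to-server lines; return (line_no, command, size, reason)."""
    findings = []
    for number, line in enumerate(lines, 1):
        hit = check_imap_line(line, max_arg)
        if hit:
            findings.append((number, *hit))
    return findings


# Constructed sample traffic (not taken from the advisory).
SAMPLE = [
    b"a1 LOGIN alice secret\r\n",
    b"a2 SELECT INBOX\r\n",
    b"a3 EXAMINE " + b"A" * 2000 + b"\r\n",
    b"a4 CREATE {8192}\r\n",
    b"a5 NOOP " + b"B" * 2000 + b"\r\n",
]
```

Because LOGIN is in the list, the check has to run on pre-authentication traffic as well, not only on authenticated sessions.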

VENDOR RESPONSE

 

Atrium Software International (http://www.atrium-softwareusa.com/EN/intro_en_orig_copy(2).html) has released version 4.2.15.0, which doesn't contain these vulnerabilities.

 

CREDIT

Discovered by NC Agent.