Reported June 24, 2003, by NC Agent.

VERSIONS AFFECTED

  • Atrium Software MERCUR Mail Server 4.02.09

DESCRIPTION

  • Multiple buffer-overflow vulnerabilities in Atrium Software MERCUR Mail Server 4.02.09 can result in the execution of arbitrary code on the vulnerable computer. If an attacker uses the EXAMINE, DELETE, SUBSCRIBE, RENAME, UNSUBSCRIBE, LIST, LSUB, STATUS, LOGIN, CREATE, or SELECT command to send a large amount of data, a buffer will overflow and cause the server to crash.
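
For sites that must monitor a server until it is upgraded, the following added example (not part of the original advisory or any vendor tooling) flags client lines that send an oversized argument, inline or as an IMAP literal, to one of the commands listed above. The 1000-byte threshold, the function names, and the sample traffic are assumptions made for illustration.

```python
import re

# Commands the advisory names as overflow vectors.
AFFECTED = {"EXAMINE", "DELETE", "SUBSCRIBE", "RENAME", "UNSUBSCRIBE",
            "LIST", "LSUB", "STATUS", "LOGIN", "CREATE", "SELECT"}

# Assumed threshold: the advisory only says "a large amount of data".
MAX_ARG_BYTES = 1000

# IMAP literal announcement at end of line, e.g. {123} or {123+}.
LITERAL = re.compile(rb"\{(\d+)\+?\}$")


def inspect_line(line: bytes):
    """Return (command, size) if a client line is suspicious, else None."""
    parts = line.rstrip(b"\r\n").split(b" ", 2)  # tag, command, arguments
    if len(parts) < 2:
        return None
    command = parts[1].decode("ascii", "replace").upper()
    if command not in AFFECTED:
        return None
    args = parts[2] if len(parts) == 3 else b""
    size = len(args)
    announced = LITERAL.search(args)
    if announced:
        # The bulk of the data arrives after this line; use the announced size.
        size = max(size, int(announced.group(1)))
    return (command, size) if size > MAX_ARG_BYTES else None


def scan(lines):
    """Return [(line_number, command, size)] for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, 1):
        hit = inspect_line(line)
        if hit:
            hits.append((number, *hit))
    return hits


# Constructed sample of client-to-server IMAP lines (not real traffic).
SAMPLE = [
    b"a001 LOGIN alice secret\r\n",
    b"a002 SELECT INBOX\r\n",
    b"a003 SELECT " + b"A" * 5000 + b"\r\n",
    b"a004 CREATE {9000}\r\n",
    b"a005 NOOP\r\n",
]

if __name__ == "__main__":
    for number, command, size in scan(SAMPLE):
        print(f"line {number}: {command} argument of {size} bytes")
```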

VENDOR RESPONSE

Atrium Software International has released version 4.2.15.0, which doesn't contain these vulnerabilities.

CREDIT

Discovered by NC Agent.