Denial of Service Against Mercur Mail

Reported March 14, 2000 by USSRLabs
VERSIONS AFFECTED
  • MERCUR Mailserver 3.2
  • MERCUR POP3-Server (v3.20.01) for Windows 98/NT
  • MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT

DESCRIPTION

Several buffer overflow conditions were discovered within Mercur mail software. According to USSRLabs report, sending a command string of 3000 characters could result in a denial of service condition against such a server.

VENDOR RESPONSE

Atrium Software is aware of this issue, however no response was known at the time of this writing.

CREDITS
Discovered by USSRLabs