Vulnerabilities > CVE-2000-0239 - Buffer Overflow vulnerability in Atrium Software products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

atrium-software

nessus

exploit available

NVD

Published: 2000-03-15

Updated: 2016-10-18

Summary

Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.

Vulnerable Configurations

Part	Description	Count
Application	Atrium_Software Atrium Software Mercur Imap4 Server 3.20.01 Atrium Software Mercur Mailserver 3.2 Atrium Software Mercur Pop3 Server 3.20.01	3

Exploit-Db

description	Atrium Software Mercur WebView WebMail-Client 1.0 Buffer Overflow. CVE-2000-0239. Dos exploit for windows platform
id	EDB-ID:19810
last seen	2016-02-02
modified	2000-03-16
published	2000-03-16
reporter	Ussr Labs
source	https://www.exploit-db.com/download/19810/
title	Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow

Nessus

NASL family	CGI abuses
NASL id	MERCURE_WEBVIEW.NASL
description	The remote WebView service does not do proper bounds checking when processing the following request : GET /mmain.html&mail_user=aaa[...]aaa A remote attacker could exploit this to crash the service, or potentially execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	10346
published	2000-03-15
reporter	This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10346
title	MERCUR WebView WebMail Server mail_user Parameter DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10346); script_version("1.29"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_cve_id("CVE-2000-0239"); script_bugtraq_id(1056); script_name(english:"MERCUR WebView WebMail Server mail_user Parameter DoS"); script_summary(english:"Checks for a buffer overflow"); script_set_attribute(attribute:"synopsis", value: "A web application on the remote host has a buffer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The remote WebView service does not do proper bounds checking when processing the following request : GET /mmain.html&mail_user=aaa[...]aaa A remote attacker could exploit this to crash the service, or potentially execute arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Mar/200"); script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of this software."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2000/03/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2000/03/15"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_DENIAL); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports(1080); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = 1080; if (! get_port_state(port)) exit(0, "Port "+port+" is closed"); if (http_is_dead(port: port)) exit(0, "Web server on port "+port+" is dead"); req2 = string("/mmain.html&mail_user=", crap(2000)); w = http_send_recv3(port: port, item:req2, method:"GET"); if (isnull(w)) security_hole(port);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References