Vulnerabilities > CVE-2005-4411 - Remote Mailbox Name Service Buffer Overflow vulnerability in David Harris Mercury Mail Transport System 4.01B
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Mercury/32. CVE-2005-4411. Remote exploit for windows platform id EDB-ID:16419 last seen 2016-02-01 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16419/ title Mercury/32 <= 4.01b - PH Server Module Buffer Overflow description Mercury Mail Transport System 4.01b Remote Exploit (PH SERVER). CVE-2005-4411. Remote exploit for windows platform file exploits/windows/remote/1375.pl id EDB-ID:1375 last seen 2016-01-31 modified 2005-12-16 platform windows port 105 published 2005-12-16 reporter kingcope source https://www.exploit-db.com/download/1375/ title Mercury Mail Transport System 4.01b Remote Exploit PH SERVER type remote
Metasploit
| description | This module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. |
| id | MSF:EXPLOIT/WINDOWS/MISC/MERCURY_PHONEBOOK |
| last seen | 2020-01-13 |
| modified | 2017-07-24 |
| published | 2006-10-15 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4411 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/mercury_phonebook.rb |
| title | Mercury/32 PH Server Module Buffer Overflow |
Nessus
| NASL family | Gain a shell remotely |
| NASL id | MERCURY_PH_OVERFLOW.NASL |
| description | The remote host is running the Mercury Mail Transport System, a free suite of server products for Windows and Netware associated with Pegasus Mail. The remote installation of Mercury includes a ph server that is vulnerable to buffer overflow attacks. By leveraging this issue, an unauthenticated, remote attacker is able to crash the remote service and possibly execute arbitrary code remotely. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20812 |
| published | 2006-01-27 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/20812 |
| title | Mercury Mail ph Server Remote Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83209/mercury_phonebook.rb.txt |
| id | PACKETSTORM:83209 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83209/Mercury-32-v4.01b-PH-Server-Module-Buffer-Overflow.html |
| title | Mercury/32 <= v4.01b PH Server Module Buffer Overflow |
Saint
| bid | 16396 |
| description | Mercury Mail Transport System Phonebook service buffer overflow |
| id | mail_misc_mercuryqsds |
| osvdb | 22103 |
| title | mercury_mail_phonebook |
| type | remote |