Vulnerabilities > CVE-2006-7039 - Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
atrium-software
nessus

Summary

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

Nessus

NASL familyWindows
NASL idMERCUR_2005SP4.NASL
descriptionThe remote host appears to be running MERCUR Messaging, a commercial mail server for Windows. According to its banner, the version of MERCUR Messaging installed on the remote host is affected by various denial of service attacks affecting the SMTP, POP3, and IMAP servers.
last seen2020-06-01
modified2020-06-02
plugin id21728
published2006-06-17
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21728
titleMERCUR Messaging < 2005 SP4 Multiple Remote DoS Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
  script_id(21728);
  script_version("1.16");

  script_cve_id("CVE-2006-7038", "CVE-2006-7039", "CVE-2006-7040", "CVE-2006-7041");
  script_bugtraq_id(18462);

  script_name(english:"MERCUR Messaging < 2005 SP4 Multiple Remote DoS Vulnerabilities");
  script_summary(english:"Checks version of MERCUR Messaging");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote mail server is affected by multiple denial of service
flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host appears to be running MERCUR Messaging, a commercial
mail server for Windows. 

According to its banner, the version of MERCUR Messaging installed on
the remote host is affected by various denial of service attacks
affecting the SMTP, POP3, and IMAP servers." );
 # https://web.archive.org/web/20060621054339/http://www.atrium-software.com/download/McrReadMe_EN.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0c69cce4" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to MERCUR Messaging version 2005 SP4 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/17");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/10");
 script_cvs_date("Date: 2018/07/14  1:59:37");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
 
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

  script_dependencies("smtpserver_detect.nasl", "popserver_detect.nasl", "imap4_banner.nasl");
  if (NASL_LEVEL >= 3000 )
    script_require_ports("Services/smtp", 25, "Services/pop3", 110, "Services/imap", 143, 32000);

  exit(0);
}


include("global_settings.inc");
include("imap_func.inc");
include("misc_func.inc");
include("pop3_func.inc");
include("smtp_func.inc");


# Do banner checks of various ports. 
#
# - SMTP.
port = get_kb_item("Services/smtp");
if (!port) port = 25;
banner = get_smtp_banner(port:port);
if (banner)
{
  # nb: banner for 2005 SP4 reads, in part, "MERCUR SMTP Server (v5.00.19".
  if (egrep(pattern:"^[0-9][0-9][0-9] .* MERCUR SMTP Server \(v([0-4]\.|5\.00\.(0[0-9]|1[0-8]))", string:banner))
  {
    security_hole(port);
    exit(0);
  }
  # Unless we're being paranoid, stop after getting the banner.
  if (report_paranoia < 2) exit(0);
}
# - POP3.
port = get_kb_item("Services/pop3");
if (!port) port = 110;
banner = get_pop3_banner(port:port);
if (banner)
{
  # nb: banner for 2005 SP4 reads, in part, "MERCUR POP3-Server (v5.00.12".
  if (egrep(pattern:"^(\+OK|-ERR) MERCUR POP3-Server \(v([0-4]\.|5\.00\.(0[0-9]|1[01]))", string:banner))
  {
    security_hole(port);
    exit(0);
  }
  # Unless we're being paranoid, stop after getting the banner.
  if (report_paranoia < 2) exit(0);
}
# - IMAP.
port = get_kb_item("Services/imap");
if (!port) port = 143;
banner = get_imap_banner(port:port);
if (banner)
{
  # nb: banner for 2005 SP4 reads, in part, "MERCUR IMAP4-Server (v5.00.14".
  if (egrep(pattern:"^\* (OK|BAD|NO) MERCUR IMAP4-Server \(v([0-4]\.|5\.00\.(0[0-9]|1[0-3]))", string:banner))
  {
    security_hole(port);
    exit(0);
  }
  # Unless we're being paranoid, stop after getting the banner.
  if (report_paranoia < 2) exit(0);
}
# - MERCUR Control Service
port = 32000;
banner = get_unknown_banner(port:port);
if (banner)
{
  # nb: banner for 2005 SP4 reads, in part, "MERCUR Control-Service (v5.00.14".
  if (egrep(pattern:"^MERCUR Control-Service \(v([0-4]\.|5\.00\.(0[0-9]|1[0-3]))", string:banner))
  {
    security_hole(port);
    exit(0);
  }
  # Unless we're being paranoid, stop after getting the banner.
  if (report_paranoia < 2) exit(0);
}