Vulnerabilities > CVE-2007-1373 - Unspecified vulnerability in Pmail Mercury Mail Transport System
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Mercury/32. CVE-2007-1373. Remote exploit for windows platform id EDB-ID:16473 last seen 2016-02-01 modified 2010-06-22 published 2010-06-22 reporter metasploit source https://www.exploit-db.com/download/16473/ title Mercury/32 <= 4.01b - LOGIN Buffer Overflow description Mercury/32 Mail Server <= 4.01b (check) Buffer Overflow Exploit PoC. CVE-2007-1373. Dos exploit for windows platform id EDB-ID:3418 last seen 2016-01-31 modified 2007-03-06 published 2007-03-06 reporter mu-b source https://www.exploit-db.com/download/3418/ title Mercury/32 Mail Server <= 4.01b check Buffer Overflow Exploit PoC description Mercury Mail <= 4.01a (Pegasus) IMAP Buffer Overflow Exploit. CVE-2006-5961,CVE-2007-1373. Remote exploit for windows platform id EDB-ID:1223 last seen 2016-01-31 modified 2005-09-20 published 2005-09-20 reporter c0d3r source https://www.exploit-db.com/download/1223/ title Mercury Mail <= 4.01a Pegasus IMAP Buffer Overflow Exploit
Metasploit
| description | This module exploits a stack buffer overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org). |
| id | MSF:EXPLOIT/WINDOWS/IMAP/MERCURY_LOGIN |
| last seen | 2020-03-09 |
| modified | 2018-10-28 |
| published | 2007-05-07 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1373 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/imap/mercury_login.rb |
| title | Mercury/32 4.01 IMAP LOGIN SEH Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83126/mercury_login.rb.txt |
| id | PACKETSTORM:83126 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83126/Mercury-32-4.01b-LOGIN-Buffer-Overflow.html |
| title | Mercury/32 <= 4.01b LOGIN Buffer Overflow |
Saint
| description | Mercury IMAP data continuation buffer overflow |
| id | mail_imap_mercury |
| osvdb | 33883 |
| title | mercury_imap_continuation |
| type | remote |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052802.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052802.html
- http://osvdb.org/33883
- http://osvdb.org/33883
- http://secunia.com/advisories/24367
- http://secunia.com/advisories/24367
- http://securityreason.com/securityalert/2398
- http://securityreason.com/securityalert/2398
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32848