mailing list archives
Re: Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.
From: "Laurent Saplairoles" <lsaplai-list () telus net>
Date: Thu, 02 Dec 2004 01:35:03 -0800
On 1 Dec 2004 at 14:16, Reed Arvin wrote:
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.
There are 14 vulnerable commands that can be used to cause buffer
overflows to occur. After a successful login to the mail server, if
any of these commands are used with an overly long argument the
application closes resulting in a denial of service. The commands and
approximate argument lengths are as follows:
Mercury/32, v4.01a, Dec 8 2003
The vendor was notified of the issue. There was no response.
David Harris, author of both Merucry Mail server and Pegasus Mail has aknowledge
the problem this morning on the Mercury Mailing list. He announced that he was
working on a fix which should be available by tomorrow (Thusday Dec 2) evening
(take the timing as you wish, David is in NZ)
Reed, there are words of being able to run an application on the Mercury machine.
Can you confirm that? If so, please be sure to advise David Harris.
Sacha Guitry (1895 - 1957)
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un
Full-Disclosure - We believe in it.