Intrusion Prevention

Mercury.Mail.Transport.System.SMTP.AUTH.CRAMMD5.Buffer.Overflow

Description

This indicates a vulnerability in Mercury Mail Transport System. The vulnerability is caused by a stack buffer overflow in the SMTP service, which occurs when the vulnerable software handles an AUTH CRAM-MD5 command. A remote attacker can execute arbitrary code by sending an AUTH CRAM-MD5 command with a long argument.
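A defensive check for the condition described above, as an added example (not this signature's own logic and not vendor code): it walks a reassembled SMTP session and flags AUTH CRAM-MD5 commands or responses that are oversized or malformed. The 512-byte limit, the function names and the sample sessions are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed limit, not taken from the advisory: RFC 5321 caps an SMTP command
# line at 512 octets, and a valid CRAM-MD5 response is far shorter than that.
MAX_AUTH_LINE = 512
# Decoded response per RFC 2195: "<username> <32 hex digits>".
RESPONSE_RE = re.compile(rb"[^\r\n]+ [0-9a-fA-F]{32}")

def response_problem(line):
    """Return a reason string if a CRAM-MD5 response line is anomalous."""
    if len(line) > MAX_AUTH_LINE:
        return "oversized CRAM-MD5 response"
    if line == b"*":                      # client cancelled the exchange
        return None
    try:
        decoded = base64.b64decode(line, validate=True)
    except (binascii.Error, ValueError):
        return "response is not valid base64"
    if not RESPONSE_RE.fullmatch(decoded):
        return "response is not '<user> <32-hex digest>'"
    return None

def check_cram_md5(session):
    """session: list of (direction, bytes) pairs, direction 'C' or 'S'."""
    findings, state = [], None
    for i, (direction, raw) in enumerate(session):
        line = raw.rstrip(b"\r\n")
        if direction == "S":
            # Only a 334 challenge right after AUTH keeps the exchange open.
            state = "challenged" if state == "auth" and line.startswith(b"334") else None
        elif state == "challenged":
            state = None
            reason = response_problem(line)
            if reason:
                findings.append((i, reason))
        elif line.upper().startswith(b"AUTH CRAM-MD5"):
            state = "auth"
            if len(line) > MAX_AUTH_LINE:
                findings.append((i, "oversized AUTH CRAM-MD5 command"))
            elif line[13:].strip():       # CRAM-MD5 takes no initial response
                findings.append((i, "unexpected argument after mechanism name"))
    return findings

# Constructed sample sessions (not captured traffic).
CHALLENGE = b"334 " + base64.b64encode(b"<1896.697170952@postoffice.example.net>")
GOOD = [("C", b"AUTH CRAM-MD5\r\n"), ("S", CHALLENGE + b"\r\n"),
        ("C", base64.b64encode(b"alice " + b"0" * 32) + b"\r\n")]
LONG_RESPONSE = GOOD[:2] + [("C", b"A" * 2000 + b"\r\n")]
LONG_COMMAND = [("C", b"AUTH CRAM-MD5 " + b"A" * 2000 + b"\r\n")]
```

`check_cram_md5` returns `(line_index, reason)` pairs, so the output can feed an alert or a pre-filter in front of the mail server.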

Affected Products

Mercury Mail Transport System version 4.51 and prior.

Impact

System compromise, arbitrary code execution.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References

CVE-2007-4440