Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gain a shell remotely --> Category: mixed

Mercury ph Server Buffer Overflow Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for a buffer overflow vulnerability in Mercury ph Server

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote ph service is affected by a buffer overflow vulnerability.

Description :

The remote host is running the Mercury Mail Transport System, a free
suite of server products for Windows and Netware associated with
Pegasus Mail.

The remote installation of Mercury includes a ph server that is
vulnerable to buffer overflow attacks. By leveraging this issue, an
unauthenticated remote attacker is able to crash the remote service
and possibly execute arbitrary code remotely.

See also :

http://www.milw0rm.com/id.php?id=1375
http://www.pmail.com/newsflash.htm#whfix

Solution :

Install the Jan 2006 Mercury/32 Security patches for MercuryW and
MercuryH from http://www.pmail.com/patches.htm.

Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.