Security vulnerability in Mercury Mail [Update]
A security vulnerability in Mercury/32, the free mail server program from the developer of Pegasus Mail can be exploited by attackers to inject and execute arbitrary code. Sending a very long string in an AUTH CRAM-MD5 query for authentication to the mail server can cause a buffer overflow to occur in the mercurys.dll file.
The bug affects the current version of the server, version 4.51. Older versions may also be vulnerable. The developer has not yet released a security update. Until a patch becomes available, Mercury mail server administrators should restrict access to trusted persons and computers.
Update:
Updates for the Mercury Server are now available. Mercury/32 4.52 replaces the faulty Version 4.51. For users still running Version 4.01b the Update to Version 4.01c fixes the error. The developer has also made a patch available for the Novell-Version of Mercury/32.
- Mercury SMTPD Remote Preauth Stack Based Overrun, security advisory from eliteb0y on the Full Disclosure mailing list
- Description and download for the current version of Mercury Mail, version 4.51
(mba)