Mercury Mail Transport System Phonebook service buffer overflow

Added: 02/02/2006
CVE: CVE-2005-4411
BID: 16396
OSVDB: 22103

Background

Mercury Mail Transport System is a free mail server for Windows and Netware platforms. It includes a Phone Book service which runs on port 105/TCP.

Problem

A buffer overflow vulnerability in the Phone Book service allows remote command execution.

Resolution

Install the latest patch.

References

http://securitytracker.com/alerts/2005/Dec/1015374.html

Limitations

Exploit works on Mercury Mail Transport System 4.01a and 4.01b for Windows.

Platforms

Windows

Back to exploit index