CVE-2006-7038

Current Description

Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.

Basic Data

PublishedFebruary 23, 2007
Last ModifiedJuly 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAtrium SoftwareMercur Messaging 20055.0_sp3*enterprise*****
    2.3ApplicationAtrium SoftwareMercur Messaging 20055.0_sp3*lite*****
    2.3ApplicationAtrium SoftwareMercur Messaging 20055.0_sp3*standard*****

Vulnerable Software List

VendorProductVersions
Atrium Software Mercur Messaging 2005 5.0_sp3

References

NameSourceURLTags
20432http://secunia.com/advisories/20432SECUNIAPATCH Vendor Advisory
http://www.atrium-software.com/download/McrReadMe_EN.htmlhttp://www.atrium-software.com/download/McrReadMe_EN.htmlCONFIRM
18462http://www.securityfocus.com/bid/18462BIDPATCH
ADV-2006-2354http://www.vupen.com/english/advisories/2006/2354VUPEN
mercur-nameserver-dos(27231)https://exchange.xforce.ibmcloud.com/vulnerabilities/27231XF