lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <41AE7147.16976.BF7DD1@localhost>
From: lsaplai-list at telus.net (Laurent Saplairoles)
Subject: Re: Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.


On 1 Dec 2004 at 14:16, Reed Arvin wrote:

> Summary:
> Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003
> (http://www.pmail.com/).
> 
> Details:
> Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.
> There are 14 vulnerable commands that can be used to cause buffer
> overflows to occur. After a successful login to the mail server, if
> any of these commands are used with an overly long argument the
> application closes resulting in a denial of service. The commands and
> approximate argument lengths are as follows:

[snip]

> 
> Vulnerable Versions:
> Mercury/32, v4.01a, Dec 8 2003
> 
> Solutions:
> The vendor was notified of the issue. There was no response.
> 

[snip]

David Harris, author of both Merucry Mail server and Pegasus Mail has aknowledge 
the problem this morning on the Mercury Mailing list. He announced that he was 
working on a fix which should be available by tomorrow (Thusday Dec 2) evening 
(take the timing as you wish, David is in NZ)

Reed, there are words of being able to run an application on the Mercury machine. 
Can you confirm that? If so, please be sure to advise David Harris.


-- 
Laurent
Sacha Guitry (1895 - 1957)
Le meilleur moyen de faire tourner la t?te ? une femme, c'est de lui dire qu'elle a un 
joli profil.




Powered by blists - more mailing lists