Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!

Critical security updates for Mercury/32 and Mercury/NLM

Last post 08-24-2007, 0:36 by Peter Strömblad. 2 replies.
  •  08-21-2007, 17:23

    • David Harris

    Critical security updates for Mercury/32 and Mercury/NLM

    Patches are now available to correct a potentially severe security weakness in the MercuryS SMTP server. This vulnerability affects the SMTP AUTH command and can result in crashes or, in the worst case, remote execution exploits. In essence, all current versions of Mercury are potentially affected to some extent by this problem.

    Given the potential seriousness of this problem, we have produced three different patches:

    • For users of Mercury/32, a new release, v4.52, is available.
    • For users of Mercury/32 v4.01b who do not wish to upgrade to Mercury/32 v4.52 at this time, a v4.01c patch is available, which can be retrofitted into Mercury/32 v4.01b systems.
    • For users of the NLM version of Mercury, a patch is provided for both the Bindery and NDS mode versions of MercuryS.

    All sites should regard this upgrade as critical.

    For more information on these patches, please visit our official web site, http://www.pmail.com, and follow the "Newsflash" links on the front page.

    Cheers!

    -- David --

  •  08-22-2007, 10:52

    Re: Critical security updates for Mercury/32 and Mercury/NLM

  •  08-24-2007, 0:36

    Re: Critical security updates for Mercury/32 and Mercury/NLM

    Attachment: auth-cram-md5.jpg

    In recent days we have seen a lot of attempts to utilize the issue that the above patches mend.

    If you notice that Loader.Log (found in your server directory) recently shows multiple rows of "Restarted Mercury after apparent abnormal termination", you should suspect that you have been hit by exploit attempts. Within MercuryS.Logs (depending on how you have set up logging) you may find parallel log entries (same date and time as the Loader.Log entries) stating multiple AUTH CRAM-MD5; then you know you have been hit, and should mend your system as soon as possible.

    Lastly, within the MercuryS console window, you may see a connection like the one in the attached image, hanging for a long time; then you know you have been hit by people trying to exploit your un-updated Mercury.

    So, regard the updates as highly critical, since it forces your server to restart if you are using the loader utility.

    I personally thank David for his expeditious attendance to this issue.



    Kind regards / Peter
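
The log correlation described in the post above, as an added example that is not part of the original thread or of Mercury itself: it pairs "Restarted Mercury after apparent abnormal termination" rows with AUTH CRAM-MD5 entries logged at about the same time. The timestamp layout, the sample lines and the function names are assumptions; real Loader.Log and MercuryS log formats depend on your version and logging settings.

```python
import re
from datetime import datetime, timedelta

# The two strings quoted in the post above.
RESTART = "Restarted Mercury after apparent abnormal termination"
AUTH = "AUTH CRAM-MD5"
# ASSUMPTION: every log line carries a "YYYY-MM-DD HH:MM:SS" timestamp. Real
# Loader.Log and MercuryS layouts vary; adjust TS_RE and TS_FMT to your files.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample lines (not real Mercury output).
LOADER_SAMPLE = [
    "2007-08-23 02:14:07 " + RESTART,
    "2007-08-23 02:19:41 " + RESTART,
    "2007-08-23 09:00:00 Loader started normally",
]
SMTP_SAMPLE = [
    "2007-08-23 02:14:06 198.51.100.7 AUTH CRAM-MD5",
    "2007-08-23 02:14:06 198.51.100.7 AUTH CRAM-MD5",
    "2007-08-23 02:19:40 198.51.100.7 AUTH CRAM-MD5",
    "2007-08-23 11:30:00 192.0.2.10 AUTH CRAM-MD5",  # no restart near it
]

def marker_times(lines, marker):
    """Timestamps of the lines that contain marker."""
    times = []
    for line in lines:
        m = TS_RE.search(line)
        if m and marker.lower() in line.lower():
            times.append(datetime.strptime(m.group(0), TS_FMT))
    return times

def correlate(loader_lines, smtp_lines, window_s=60, min_restarts=2):
    """Return (flagged, hits); hits = [(restart_time, nearby_auth_count)].
    AUTH CRAM-MD5 alone is normal client traffic, so only abnormal restarts
    with AUTH entries at about the same time count, and the post's
    "multiple rows" is modelled as min_restarts such pairs."""
    window = timedelta(seconds=window_s)
    auths = marker_times(smtp_lines, AUTH)
    hits = []
    for r in marker_times(loader_lines, RESTART):
        near = sum(1 for a in auths if abs(r - a) <= window)
        if near:
            hits.append((r, near))
    return len(hits) >= min_restarts, hits

if __name__ == "__main__":
    print(correlate(LOADER_SAMPLE, SMTP_SAMPLE))
```

Feed it the lines of your own Loader.Log and MercuryS session log after adapting the timestamp pattern; a flagged result means the server should be patched to one of the versions listed in the announcement.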

Copyright © 2007 David Harris / Peter Strömblad. All Rights Reserved.