Announcements
Critical security updates for Mercury/32 and Mercury/NLM

In recent days we see a lot of attempts to utilize the issue that the above patches mend.

If you notice within Loader.Log (found in your server directory) that recently states multiple rows of "Restarted Mercury after apparent abnormal termination" you should suspect that you have been hit by attempts of exploit. Within MercuryS.Logs (depends on how you have set logging) you may find parallel log entries (same date and time as Loader.Log entries) stating multiple AUTH CRAM-MD5 - then you know you are hit - and should as soon as possible mend your system.

Lastly, within the MercuryS console window, you may see a connection as the attached image, hanging for a long time, - then you know you have been hit by people trying to exploit your un-updated Mercury.

So - Regard the updates as highly critical since it forces your server to restart if you are using the loader utility.

I personally thank David for his expediate attendance to this issue.

<P>In recent days we see a lot of attempts to utilize the issue that the above patches mend.</P> <P>If you notice within Loader.Log (found in your server directory) that recently states multiple rows of "Restarted Mercury after apparent abnormal termination" you should suspect that you have been hit by attempts of exploit. Within MercuryS.Logs (depends on how you have set logging) you may find parallel log entries (same date and time as Loader.Log entries) stating multiple AUTH CRAM-MD5 - then you know you are hit - and should as soon as possible mend your system.</P> <P>Lastly, within the MercuryS console window, you may see a connection as the attached image, hanging for a long time, - then you know you have been hit by people trying to exploit your un-updated Mercury.</P> <P>So - Regard the updates as highly critical since it forces your server to restart if you are using the loader utility.</P> <P>I personally thank David for his expediate attendance to this issue.</P>

Patches are now available to correct a potentially severe security weakness in the MercuryS SMTP server. This vulnerability affects the SMTP AUTH command and can result in crashes or, in the worst case, remote execution exploits. In essence, all current versions of Mercury are potentially affected to some extent by this problem.

Given the potential seriousness of this problem, we have produced three different patches:

  • For users of Mercury/32, a new release, v4.52 is available.

  • For users of Mercury/32 v4.01b who do not wish to upgrade to Mercury/32 v4.52 at this time, a v4.01c patch is available, which can be retrofitted into Mercury/32 v4.01b systems.

  • For users of the NLM version of Mercury, a patch is provided for both the Bindery and NDS mode versions of MercuryS.

All sites should regard this upgrade as critical.

For more information on these patches, please visit our official web site, http://www.pmail.com, and follow the "Newsflash" links on the front page.

Cheers!

-- David --

Patches are now available to correct a potentially severe security weakness in the MercuryS SMTP server. This vulnerability affects the SMTP AUTH command and can result in crashes or, in the worst case, remote execution exploits. In essence, all current versions of Mercury are potentially affected to some extent by this problem. Given the potential seriousness of this problem, we have produced three different patches: <UL> <LI>For users of Mercury/32, a new release, v4.52 is available.</LI></UL> <UL> <LI>For users of Mercury/32 v4.01b who do not wish to upgrade to Mercury/32 v4.52 at this time, a v4.01c patch is available, which can be retrofitted into Mercury/32 v4.01b systems.</LI></UL> <UL> <LI>For users of the NLM version of Mercury, a patch is provided for both the Bindery and NDS mode versions of MercuryS.</LI></UL> All sites should regard this upgrade as critical. For more information on these patches, please visit our official web site, <A class="" href="http://www.pmail.com/" target=_blank mce_href="Http://www.pmail.com">http://www.pmail.com</A>, and follow the "Newsflash" links on the front page. Cheers! -- David --

Downloads now available at the community as well.

Mecury/32 v4.52

Mercury/32 v4.01c Security patch for MercuryS AUTH CRAM-MD5 vulnerability

Mercury/NLM v1.49 Security patch for MercuryS AUTH CRAM-MD5 vulnerability

Feature set of latest Mercury/32 available at: http://community.pmail.com/pmail/MercuryReleaseNotes.aspx

<P>Downloads now available at the community as well.</P> <P><A class="" href="http://community.pmail.com/files/folders/mercur/entry3933.aspx" mce_href="/files/folders/mercur/entry3933.aspx">Mecury/32 v4.52</A></P> <P><A class="" href="http://community.pmail.com/files/folders/patches/entry3931.aspx" mce_href="/files/folders/patches/entry3931.aspx">Mercury/32 v4.01c Security patch for MercuryS AUTH CRAM-MD5 vulnerability</A></P> <P><A class="" href="http://community.pmail.com/files/folders/patches/entry3932.aspx" mce_href="/files/folders/patches/entry3932.aspx">Mercury/NLM v1.49 Security patch for MercuryS AUTH CRAM-MD5 vulnerability</A></P> <P>Feature set of latest Mercury/32 available at: <A href="http://community.pmail.com/pmail/MercuryReleaseNotes.aspx">http://community.pmail.com/pmail/MercuryReleaseNotes.aspx</A></P>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft