Mercury Mail Transport System 4.01a, and possibly prior versions, contain a vulnerability that can allow a remote, authenticated attacker to trigger a buffer overflow. The attacker could create a denial of service (DoS) condition or execute arbitrary code with the privileges of the mail server.
The vulnerability is due to the method in which Mail Transport System handles user input supplied to multiple IMAP commands. Mail Transport System fails to properly filter malicious characters and character sequences when using certain commands. An attacker can send a crafted request using a vulnerable command in a long argument to overflow a buffer.
Exploit code is available.
Patches are available.