MDaemon SMTP HELO Command Remote Overflow DoS

This script is Copyright (C) 1999-2011 Tenable Network Security, Inc.


Synopsis :

The remote mail server may be affected by a buffer overflow
vulnerability.

Description :

It was possible to crash the remote SMTP server by sending an overly
long argument to the HELO command. This allows an unauthenticated, remote
attacker to deny service to legitimate users of the server.

It may also indicate the service is affected by a buffer overflow
vulnerability which, if true, would allow an attacker to execute
arbitrary code on the affected host, subject to the privileges under
which the service operates.
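
Added example (not part of the Nessus plugin or of MDaemon): a check that flags HELO/EHLO lines whose size exceeds the RFC 5321 limits, suitable for a filtering proxy or for reviewing captured client commands. The record layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 5321 section 4.5.3.1 size limits, in octets.
MAX_DOMAIN = 255        # 4.5.3.1.2: domain name
MAX_COMMAND_LINE = 512  # 4.5.3.1.4: command line, including CRLF

GREETING = re.compile(rb"^(HELO|EHLO)[ \t]+(.*)$", re.IGNORECASE | re.DOTALL)


def check_greeting(line: bytes) -> list:
    """Return the limits a HELO/EHLO line breaks ([] if none or not a greeting)."""
    body = line.rstrip(b"\r\n")
    match = GREETING.match(body)
    if not match:
        return []
    reasons = []
    if len(body) + 2 > MAX_COMMAND_LINE:  # +2 for the CRLF terminator
        reasons.append("command line over 512 octets")
    if len(match.group(2).strip()) > MAX_DOMAIN:
        reasons.append("argument over 255 octets")
    return reasons


def scan(records):
    """records: iterable of (client_ip, raw_line). Returns (ip, line_len, reasons)."""
    findings = []
    for client_ip, line in records:
        reasons = check_greeting(line)
        if reasons:
            findings.append((client_ip, len(line), reasons))
    return findings


# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    ("192.0.2.10", b"EHLO mail.example.org\r\n"),
    ("198.51.100.7", b"HELO " + b"A" * 300 + b"\r\n"),
    ("198.51.100.7", b"helo " + b"A" * 1000 + b"\r\n"),
    ("192.0.2.10", b"MAIL FROM:<user@example.org>\r\n"),
]

if __name__ == "__main__":
    for ip, length, reasons in scan(SAMPLE):
        print(f"{ip}: {length}-octet greeting rejected ({'; '.join(reasons)})")
```

A front end that enforces these limits before passing the line to the mail server keeps oversized greetings away from the parser that crashes.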

See also :

http://archives.neohapsis.com/archives/bugtraq/1998_1/0374.html

Solution :

Contact the vendor for a fix.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 10136

Bugtraq ID: 8555, 8621, 8622

CVE ID: CVE-1999-0284