Ipswitch IMail / SLMail VRFY Command Remote Overflow

This script is Copyright (C) 1999-2012 Tenable Network Security, Inc.


Synopsis :

The remote mail server is vulnerable to denial of service.

Description :

It was possible to crash the affected SMTP service by sending a VRFY
command with a long argument.

This attack is known to affect certain versions of Ipswitch IMail and
Seattle Labs' SLMail, although products from other vendors may also be
affected.

An unauthenticated, remote attacker can leverage this issue to conduct
a denial of service attack against the affected mail server.

See also :

http://archives.neohapsis.com/archives/bugtraq/1998_1/0380.html
http://archives.neohapsis.com/archives/bugtraq/1998_1/0381.html

Solution :

Contact the product's vendor for an update.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SMTP problems

Nessus Plugin ID: 10254 ()

Bugtraq ID:

CVE ID: CVE-1999-0231