Multiple MTA HELO Command Remote Overflow

This script is Copyright (C) 1999-2011 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is vulnerable to an access control breach.

Description :

The remote SMTP server seems to allow remote users to
send mail anonymously by providing arguments that are
too long to the HELO command (more than 1024 chars).

This problem may allow malicious users to send unsolicited
mail (i.e., SPAM) or threatening mail using the server,
and keep their anonymity.

See also :

Solution :

If sendmail is being used, upgrade to version 8.9.x or newer.
If you do not run sendmail, contact your vendor.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 10260 ()

Bugtraq ID: 49431

CVE ID: CVE-1999-0098

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial