NAI WebShield SMTP Management Agent SET_CONFIG Overflow

high Nessus Plugin ID 10425

Synopsis

The remote management service is prone to a buffer overflow.

Description

The remote NAI WebShield SMTP Management tool is vulnerable to a buffer overflow which allows an attacker to gain execute arbitrary code on this host when it is issued a too long argument as a configuration parameter.

In addition to this, it allows an attacker to disable the service at will.

To re-enable the service :

- execute regedit

- edit the registry key 'Quarantine_Path' under HKLM\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan

- change its value from 'XXX...XXX' to the valid path to the quarantine folder.

- restart the service

Solution

Filter incoming traffic to this port. You may also restrict the set of trusted hosts in the configuration console : - go to the 'server' section - select the 'trusted clients' tab - and set the data accordingly

Plugin Details

Severity: High

ID: 10425

File Name: nai_webshield_overflow.nasl

Version: 1.26

Type: remote

Published: 5/27/2000

Updated: 7/17/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: nai_webshield_management_agent/available, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/25/2000

Reference Information

CVE: CVE-2000-0447

BID: 1254