IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)

This script is Copyright (C) 2002-2014 Digital Defense, Inc.


Synopsis :

It may be possible to execute arbitrary commands on the remote
system.

Description :

A vulnerability exists within IMail that allows remote attackers to
gain SYSTEM level access to servers running IMail's SMTP daemon
(versions 6.06 and below). The vulnerability stems from the IMail
SMTP daemon not doing proper bounds checking on various input data
that gets passed to the IMail Mailing List handler code. If an
attacker crafts a special buffer and sends it to a remote IMail SMTP
server, it is possible that an attacker can remotely execute code
(commands) on the IMail system.

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html

Solution :

Apply vendor-supplied patches.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 10994 (DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl)

Bugtraq ID: 2083
2651

CVE ID: CVE-2001-0039
CVE-2001-0494