IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)

This script is Copyright (C) 2002-2015 Digital Defense, Inc.


Synopsis :

It may be possible to execute arbitrary commands on the remote
system.

Description :

A vulnerability in IMail allows remote attackers to gain SYSTEM-level
access to servers running IMail's SMTP daemon (versions 6.06 and
below). The SMTP daemon does not perform proper bounds checking on
various input data that is passed to the IMail Mailing List handler
code. An attacker who sends a specially crafted buffer to a remote
IMail SMTP server may be able to execute code (commands) on the IMail
system.

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html

Solution :

Apply vendor-supplied patches.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:ND)

Family: SMTP problems

Nessus Plugin ID: 10994 (DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl)

Bugtraq ID: 2083, 2651

CVE ID: CVE-2001-0039, CVE-2001-0494
