IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)

This script is Copyright (C) 2002-2016 Digital Defense, Inc.


Synopsis :

It may be possible to execute arbitrary commands on the remote
system.

Description :

A vulnerability in IMail allows remote attackers to gain SYSTEM-level
access to servers running IMail's SMTP daemon (versions 6.06 and
below). The SMTP daemon does not perform proper bounds checking on
various input data that is passed to the IMail Mailing List handler
code. By sending a specially crafted buffer to a remote IMail SMTP
server, an attacker may be able to remotely execute code (commands)
on the IMail system.

See also :

http://www.nessus.org/u?ff8d9b9d

Solution :

Apply vendor-supplied patches.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 10994 (DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl)

Bugtraq ID: 2083, 2651

CVE ID: CVE-2001-0039, CVE-2001-0494
