MS02-037: Microsoft Exchange EHLO Long Hostname Overflow

This script is Copyright (C) 2002-2014 SECNAP Network Security, LLC

Synopsis :

The remote host has an application that is affected by a
buffer overflow vulnerability.

Description :

A security vulnerability results because of an unchecked
buffer in the IMC code that generates the response to the
EHLO protocol command. If the buffer were overrun with data
it would result in either the failure of the IMC or could allow
the attacker to run code in the security context of the IMC,
which runs as Exchange5.5 Service Account.

** Nessus only uses the banner header to determine
if this vulnerability exists and does not check
for or attempt an actual overflow.

Solution :


Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 11053 ()

Bugtraq ID: 5306

CVE ID: CVE-2002-0698

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial