MS02-037: Microsoft Exchange EHLO Long Hostname Overflow

This script is Copyright (C) 2002-2014 SECNAP Network Security, LLC


Synopsis :

The remote host has an application that is affected by a
buffer overflow vulnerability.

Description :

A security vulnerability exists because of an unchecked
buffer in the Internet Mail Connector (IMC) code that
generates the response to the EHLO protocol command.
Overrunning the buffer with data would either cause the IMC
to fail or could allow an attacker to run code in the
security context of the IMC, which runs as the Exchange 5.5
Service Account.

** Nessus uses only the banner header to determine
whether this vulnerability exists; it does not check
for or attempt an actual overflow.

Solution :

See http://technet.microsoft.com/en-us/security/bulletin/ms02-037

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 11053

Bugtraq ID: 5306

CVE ID: CVE-2002-0698