BaSoMail SMTP Multiple Command Remote Overflow DoS

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote SMTP server has multiple buffer overflow vulnerabilities.

Description :

The remote SMTP server crashes when it is issued a HELO, MAIL FROM, or
RCPT TO command with an argument longer than 2100 characters. A
remote attacker could exploit this by crashing the server, or possibly
executing arbitrary code.

It is likely the remote SMTP server is running BaSoMail, though other
products may be affected as well.

See also :

http://securitytracker.com/alerts/2003/May/1006863.html

Solution :

If the SMTP server is BaSoMail, consider using a different product, as
it has not been actively maintained for several years. Otherwise,
upgrade to the latest version of the SMTP server.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 11674 (basomail_overflow.nasl)

Bugtraq ID: 7726

CVE ID: