NetWin DMail Server Multiple Remote Vulnerabilities

medium Nessus Plugin ID 18200

Language:

Synopsis

The remote mail server is susceptible to multiple issues.

Description

The installation of NetWin DMail on the remote host suffers from an authentication bypass vulnerability in its mailing list server component, DList, and a format string vulnerability in the SMTP server component, DSmtp. An attacker can exploit the first to reveal potentially sensitive log information as well as to shut down the DList process and, provided he has the admin password, the second to crash the DSmtp process and potentially execute arbitrary code on the remote.

Solution

Block access to the affected port with a firewall.

Plugin Details

Severity: Medium

ID: 18200

File Name: dmail_2vulns.nasl

Version: 1.14

Type: remote

Family: Gain a shell remotely

Published: 5/5/2005

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/3/2005

Reference Information

CVE: CVE-2005-1478, CVE-2005-1516

BID: 13497, 13505

Secunia: 15242

Detections

Analytics