BusinessMail Multiple SMTP Command Remote Buffer Overflows

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote SMTP server is susceptible to buffer overflow attacks.

Description :

The remote host is running BusinessMail, a commercial mail server for
Windows from NetCPlus.

The version of BusinessMail on the remote host fails to sanitize input
to the 'HELO' and 'MAIL FROM' SMTP commands, which can be exploited by
an unauthenticated, remote attacker to crash the SMTP service and
possibly even execute arbitrary code within the context of the server
process.

See also :

http://reedarvin.thearvins.com/20050730-01.html
http://www.nessus.org/u?ac6c13db
http://www.attrition.org/pipermail/vim/2007-June/001640.html

Solution :

Upgrade to BusinessMail 4.7 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 19365 (businessmail_smtp_overflows.nasl)

Bugtraq ID: 14434

CVE ID: CVE-2005-2472