Multiple MTA HELO Command Remote Overflow

This script is Copyright (C) 1999-2016 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is vulnerable to an access control breach.

Description :

The remote SMTP server seems to allow remote users to
send mail anonymously by providing arguments that are
too long to the HELO command (more than 1024 chars).

This problem may allow malicious users to send unsolicited
mail (i.e., SPAM) or threatening mail using the server,
and keep their anonymity.

See also :

Solution :

If sendmail is being used, upgrade to version 8.9.x or newer.
If you do not run sendmail, contact your vendor.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 10260 ()

Bugtraq ID: 49431

CVE ID: CVE-1999-0098

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now