XtraMail SMTP HELO Command Remote Overflow

This script is Copyright (C) 1999-2016 Tenable Network Security, Inc.

Synopsis :

The remote host is running a mail server with a remote buffer overflow

Description :

The remote host is running a version of XtraMail with a remote buffer
overflow vulnerability. The overflow is caused by by issuing the
'HELO' command, followed by a long argument.

The HELO command is typically one of the first commands required by a
mail server. The command is used by the mail server as a first attempt
to allow the client to identify itself. As such, this command occurs
before there is any authentication or validation of mailboxes, etc.

This issue may allow an attacker to crash the mail server, or possibly
execute arbitrary code.

See also :


Solution :

Contact the vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.5

Family: SMTP problems

Nessus Plugin ID: 10324 ()

Bugtraq ID: 791

CVE ID: CVE-1999-1511

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now