IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)

high Nessus Plugin ID 10994

Synopsis

It may be possible to execute arbitrary commands on the remote system.

Description

A vulnerability in IMail allows remote attackers to gain SYSTEM-level access to servers running IMail's SMTP daemon (versions 6.06 and below). The IMail SMTP daemon does not perform proper bounds checking on various input data that is passed to the IMail Mailing List handler code. By sending a specially crafted buffer to a remote IMail SMTP server, an attacker may be able to execute code (commands) remotely on the IMail system.

Solution

Apply vendor-supplied patches.

See Also

http://www.nessus.org/u?ff8d9b9d

Plugin Details

Severity: High

ID: 10994

File Name: DDI_IPSwitch-IMail-SMTP-Buffer-Overflow.nasl

Version: 1.23

Type: remote

Published: 6/5/2002

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/7/2000

Reference Information

CVE: CVE-2001-0039, CVE-2001-0494

BID: 2083, 2651