MS02-037: Microsoft Exchange EHLO Long Hostname Overflow

This script is Copyright (C) 2002-2017 SECNAP Network Security, LLC

Synopsis :

The remote host has an application that is affected by a
buffer overflow vulnerability.

Description :

A security vulnerability results because of an unchecked
buffer in the IMC code that generates the response to the
EHLO protocol command. If the buffer were overrun with data
it would result in either the failure of the IMC or could allow
the attacker to run code in the security context of the IMC,
which runs as Exchange5.5 Service Account.

** Nessus only uses the banner header to determine
if this vulnerability exists and does not check
for or attempt an actual overflow.

See also :

Solution :

See the vendor advisory for patch information.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 11053 ()

Bugtraq ID: 5306

CVE ID: CVE-2002-0698

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now