BusinessMail Multiple SMTP Command Remote Buffer Overflows

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is susceptible to buffer overflow attacks.

Description :

The remote host is running BusinessMail, a commercial mail server for
Windows from NetCPlus.

The version of BusinessMail on the remote host fails to sanitize input
to the 'HELO' and 'MAIL FROM' SMTP commands, which can be exploited by
an unauthenticated, remote attacker to crash the SMTP service and
possibly even execute arbitrary code within the context of the server

See also :

Solution :

Upgrade to BusinessMail 4.7 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 19365 (businessmail_smtp_overflows.nasl)

Bugtraq ID: 14434

CVE ID: CVE-2005-2472

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now