Ipswitch Collaboration Suite / IMail SMTPD Multiple Commands Format String

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is affected by a format string vulnerability.

Description :

The remote host is running Ipswitch Collaboration Suite or IMail
Server, commercial messaging and collaboration suites for Windows.

The version of Ipswitch Collaboration Suite / IMail server installed
on the remote host contains an SMTP server that suffers from a format
string flaw. By supplying a specially formatted argument to the
'EXPN', 'MAIL', 'MAIL FROM', or 'RCPT TO' commands, a remote attacker
may be able to corrupt memory on the affected host, crash the service,
or even execute arbitrary code remotely.

See also :


Solution :

Upgrade to Ipswitch Collaboration Suite 2.02 / IMail 8.22 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 20319 (ipswitch_imail_smtpd_format_string.nasl)

Bugtraq ID: 15752

CVE ID: CVE-2005-2931

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now