Ipswitch IMail / SLMail VRFY Command Remote Overflow

Medium Nessus Plugin ID 10254


The remote mail server is vulnerable to denial of service.


It was possible to crash the affected SMTP service by sending a VRFY command with a long argument.

This attack is known to affect certain versions of Ipswitch IMail and Seattle Labs' SLMail, although products from other vendors may also be affected.

An unauthenticated, remote attacker can leverage this issue to conduct a denial of service attack against the affected mail server.


Contact the product's vendor for an update.

See Also



Plugin Details

Severity: Medium

ID: 10254

File Name: slmail.nasl

Version: $Revision: 1.32 $

Type: remote

Published: 1999/06/22

Modified: 2016/12/14

Dependencies: 10263, 10249, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ipswitch:imail, cpe:/a:seattle_lab_software:slmail_pro

Vulnerability Publication Date: 1998/03/12

Reference Information

CVE: CVE-1999-0231

OSVDB: 5969, 6116