Multiple MTA HELO Command Remote Overflow

High Nessus Plugin ID 10260


The remote SMTP server is vulnerable to an access control breach.


The remote SMTP server seems to allow remote users to send mail anonymously by providing arguments that are too long to the HELO command (more than 1024 chars).

This problem may allow malicious users to send unsolicited mail (i.e., SPAM) or threatening mail using the server, and keep their anonymity.


If sendmail is being used, upgrade to version 8.9.x or newer.
If you do not run sendmail, contact your vendor.

See Also

Plugin Details

Severity: High

ID: 10260

File Name: smtp_helo.nasl

Version: $Revision: 1.47 $

Type: remote

Published: 1999/08/18

Modified: 2016/12/09

Dependencies: 11421, 10263, 10249, 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMTP/sendmail

Excluded KB Items: SMTP/wrapped, SMTP/qmail, SMTP/microsoft_esmtp_5, SMTP/postfix, SMTP/domino

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1998/01/10

Reference Information

CVE: CVE-1999-0098, CVE-1999-1015, CVE-1999-1504

BID: 49431, 61, 62

OSVDB: 205, 5855, 5970, 6034