TFS SMTP 3.2 MAIL FROM overflow

high Nessus Plugin ID 10284

Synopsis

The remote mail server may be affected by a buffer overflow vulnerability.

Description

The remote SMTP server may be affected by a buffer overflow triggered when it receives an overly long argument to the 'MAIL FROM' command.

This vulnerability is reported to affect TenFour TFS SMTP and may allow an unauthenticated remote attacker to crash the service or even execute arbitrary code on this system.

Solution

Upgrade to TenFour TFS SMTP 4.0 or later.

See Also

https://seclists.org/bugtraq/1999/Sep/105

Plugin Details

Severity: High

ID: 10284

File Name: tfs_smtp_overflow.nasl

Version: 1.36

Type: remote

Published: 9/8/1999

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Vulnerability Publication Date: 9/2/1999

Reference Information

CVE: CVE-1999-1516