NAI WebShield SMTP Management Agent SET_CONFIG Overflow

High Nessus Plugin ID 10425


The remote management service is prone to a buffer overflow.


The remote NAI WebShield SMTP Management tool is vulnerable to a buffer overflow which allows an attacker to gain execute arbitrary code on this host when it is issued a too long argument as a configuration parameter.

In addition to this, it allows an attacker to disable the service at will.

To re-enable the service :

- execute regedit

- edit the registry key 'Quarantine_Path' under HKLM\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan

- change its value from 'XXX...XXX' to the valid path to the quarantine folder.

- restart the service


Filter incoming traffic to this port. You may also restrict the set of trusted hosts in the configuration console : - go to the 'server' section - select the 'trusted clients' tab - and set the data accordingly

Plugin Details

Severity: High

ID: 10425

File Name: nai_webshield_overflow.nasl

Version: $Revision: 1.24 $

Type: remote

Published: 2000/05/27

Modified: 2014/05/26

Dependencies: 10424, 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: nai_webshield_management_agent/available, Settings/ParanoidReport

Vulnerability Publication Date: 2000/05/25

Reference Information

CVE: CVE-2000-0447

BID: 1254

OSVDB: 327