NAI WebShield SMTP Management Agent SET_CONFIG Overflow
High Nessus Plugin ID 10425
Synopsis
The remote management service is prone to a buffer overflow.
Description
The remote NAI WebShield SMTP Management tool is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code on this host when the tool is sent an overly long argument as a configuration parameter.
In addition to this, it allows an attacker to disable the service at will.
To re-enable the service:
- execute regedit
- edit the registry key 'Quarantine_Path' under HKLM\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan
- change its value from 'XXX...XXX' to the valid path to the quarantine folder
- restart the service
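The registry check from the re-enable steps above, as an added PowerShell example that is not part of the Nessus plugin or the vendor's tooling. The key and value name are the ones given above; the parameter names and the repeated-character threshold are assumptions.

```powershell
# Added example. Registry key and value name come from the description above;
# -ValidQuarantinePath and -Repair are hypothetical parameter names.
param(
    [string]$ValidQuarantinePath,   # existing quarantine folder, supplied by the operator
    [switch]$Repair                 # write the value back only when explicitly requested
)

$key  = 'HKLM:\SOFTWARE\Network Associates\TVD\WebShield SMTP\MailScan'
$name = 'Quarantine_Path'

$item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "Value '$name' not found under $key"
    return
}
$current = [string]$item.$name

# An overwritten value shows up as a long run of one repeated character
# ('XXX...XXX' in the description) or as something that is not an existing folder.
# The 16-character threshold is an assumption chosen for this example.
$isFiller = $current -match '^(.)\1{15,}$'
$exists   = ($current -ne '') -and (Test-Path -LiteralPath $current -PathType Container)

if (-not $isFiller -and $exists) {
    Write-Output "OK: $name points to an existing folder: $current"
    return
}

Write-Output ("SUSPECT: {0} is {1} characters long and is not a usable folder path" -f $name, $current.Length)

if ($Repair) {
    if (-not $ValidQuarantinePath -or
        -not (Test-Path -LiteralPath $ValidQuarantinePath -PathType Container)) {
        throw 'Pass -ValidQuarantinePath with an existing quarantine folder before using -Repair'
    }
    Set-ItemProperty -Path $key -Name $name -Value $ValidQuarantinePath
    Write-Output "Restored $name to $ValidQuarantinePath; restart the service to apply"
}
```

The script leaves the service restart to the operator, and a SUSPECT result is worth treating as a sign that the management port was reachable from an untrusted host.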
Solution
Filter incoming traffic to this port. You may also restrict the set of trusted hosts in the configuration console:
- go to the 'server' section
- select the 'trusted clients' tab
- and set the data accordingly