NetWin DSMTP (Dmail) ETRN Command Overflow

critical Nessus Plugin ID 10438


The remote SMTP server has a buffer overflow vulnerability.


The remote SMTP server is vulnerable to a buffer overflow when the ETRN command is issued arguments which are too long. A remote attacker could exploit this to crash the SMTP server, or possibly execute arbitrary code.


Upgrade to the latest version of the SMTP server. If you are using NetWin DSMTP, upgrade to version 2.7r or later.

See Also

Plugin Details

Severity: Critical

ID: 10438

File Name: dmail_overflow.nasl

Version: 1.37

Type: remote

Published: 6/7/2000

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/1/2000

Reference Information

CVE: CVE-2000-0490

BID: 1297