NetWin DSMTP (Dmail) ETRN Command Overflow

Critical Nessus Plugin ID 10438


The remote SMTP server has a buffer overflow vulnerability.


The remote SMTP server is vulnerable to a buffer overflow when the ETRN command is issued arguments which are too long. A remote attacker could exploit this to crash the SMTP server, or possibly execute arbitrary code.


Upgrade to the latest version of the SMTP server. If you are using NetWin DSMTP, upgrade to version 2.7r or later.

See Also

Plugin Details

Severity: Critical

ID: 10438

File Name: dmail_overflow.nasl

Version: $Revision: 1.35 $

Type: remote

Published: 2000/06/07

Modified: 2016/10/10

Dependencies: 10249, 10263

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/06/01

Reference Information

CVE: CVE-2000-0490

BID: 1297

OSVDB: 340