BaSoMail SMTP Multiple Command Remote Overflow DoS

critical Nessus Plugin ID 11674

Language:

Synopsis

The remote SMTP server has multiple buffer overflow vulnerabilities.

Description

The remote SMTP server crashes when it is issued a HELO, MAIL FROM, or RCPT TO command with an argument longer than 2100 characters. A remote attacker could exploit this by crashing the server, or possibly executing arbitrary code.

It is likely the remote SMTP server is running BaSoMail, though other products may be affected as well.

Solution

If the SMTP server is BaSoMail, consider using a different product, as it has not been actively maintained for several years. Otherwise, upgrade to the latest version of the SMTP server.

See Also

http://securitytracker.com/alerts/2003/May/1006863.html

Plugin Details

Severity: Critical

ID: 11674

File Name: basomail_overflow.nasl

Version: 1.21

Type: remote

Published: 6/2/2003

Updated: 8/8/2018

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7726