BaSoMail SMTP Multiple Command Remote Overflow DoS

critical Nessus Plugin ID 11674



The remote SMTP server has multiple buffer overflow vulnerabilities.


The remote SMTP server crashes when it is issued a HELO, MAIL FROM, or RCPT TO command with an argument longer than 2100 characters. A remote attacker could exploit this by crashing the server, or possibly executing arbitrary code.

It is likely the remote SMTP server is running BaSoMail, though other products may be affected as well.


If the SMTP server is BaSoMail, consider using a different product, as it has not been actively maintained for several years. Otherwise, upgrade to the latest version of the SMTP server.

See Also

Plugin Details

Severity: Critical

ID: 11674

File Name: basomail_overflow.nasl

Version: 1.21

Type: remote

Published: 6/2/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7726