MailCarrier < 3.0.1 SMTP EHLO Command Remote Overflow

High severity, Nessus Plugin ID 15902


The remote SMTP server is affected by a remote command execution vulnerability.


The target is running at least one instance of MailCarrier in which the SMTP service suffers from a buffer overflow vulnerability. By sending an overly long EHLO command, a remote attacker can crash the SMTP service and execute arbitrary code on the target.


Upgrade to MailCarrier 3.0.1 or greater.

Plugin Details

Severity: High

ID: 15902

File Name: mailcarrier_smtp_overflow.nasl

Version: 1.19

Type: remote

Published: 12/3/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 7.0


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/26/2004

Exploitable With

Metasploit (TABS MailCarrier v2.51 SMTP EHLO Overflow)

Reference Information

CVE: CVE-2004-1638

BID: 11535