Smail-3 < 3.2.0.121 Multiple Vulnerabilities

high Nessus Plugin ID 17633

Synopsis

The remote mail server is affected by multiple vulnerabilities.

Description

According to its banner, the remote host is running as its mail server S-mail version 3.2.0.120 or older. Such versions contain various vulnerabilities that may allow an unauthenticated attacker execute arbitrary code on the remote host by exploiting a heap overflow by sending a malformed argument to the 'MAIL FROM' command.

Solution

Upgrade to Smail 3.2.0.121 or later.

See Also

https://seclists.org/bugtraq/2005/Mar/447

https://seclists.org/bugtraq/2005/Mar/474

https://seclists.org/bugtraq/2005/Mar/486

ftp://ftp.weird.com/pub/local/smail-3.2.0.121.ChangeLog

https://seclists.org/bugtraq/2005/Mar/471

Plugin Details

Severity: High

ID: 17633

File Name: smail_multiple_vulnerabilities.nasl

Version: 1.16

Type: remote

Published: 3/25/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/26/2005

Reference Information

CVE: CVE-2005-0892, CVE-2005-0893

BID: 12899, 12922