NetWin DMail Server Multiple Remote Vulnerabilities
Medium Nessus Plugin ID 18200
SynopsisThe remote mail server is susceptible to multiple issues.
DescriptionThe installation of NetWin DMail on the remote host suffers from an authentication bypass vulnerability in its mailing list server component, DList, and a format string vulnerability in the SMTP server component, DSmtp. An attacker can exploit the first to reveal potentially sensitive log information as well as to shut down the DList process and, provided he has the admin password, the second to crash the DSmtp process and potentially execute arbitrary code on the remote.
SolutionBlock access to the affected port with a firewall.