NetWin DMail Server Multiple Remote Vulnerabilities

Medium Nessus Plugin ID 18200


The remote mail server is susceptible to multiple issues.


The installation of NetWin DMail on the remote host suffers from an authentication bypass vulnerability in its mailing list server component, DList, and a format string vulnerability in the SMTP server component, DSmtp. An attacker can exploit the first to reveal potentially sensitive log information as well as to shut down the DList process and, provided he has the admin password, the second to crash the DSmtp process and potentially execute arbitrary code on the remote.


Block access to the affected port with a firewall.

Plugin Details

Severity: Medium

ID: 18200

File Name: dmail_2vulns.nasl

Version: $Revision: 1.13 $

Type: remote

Published: 2005/05/05

Modified: 2016/12/06

Dependencies: 11153

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2005/05/03

Reference Information

CVE: CVE-2005-1478, CVE-2005-1516

BID: 13497, 13505

OSVDB: 16299, 16300

Secunia: 15242