BusinessMail Multiple SMTP Command Remote Buffer Overflows

critical Nessus Plugin ID 19365


Synopsis

The remote SMTP server is susceptible to buffer overflow attacks.


Description

The remote host is running BusinessMail, a commercial mail server for Windows from NetCPlus.

The version of BusinessMail on the remote host fails to sanitize input to the 'HELO' and 'MAIL FROM' SMTP commands, which can be exploited by an unauthenticated, remote attacker to crash the SMTP service and possibly even execute arbitrary code within the context of the server process.


Solution

Upgrade to BusinessMail 4.7 or later.

Plugin Details

Severity: Critical

ID: 19365

File Name: businessmail_smtp_overflows.nasl

Version: 1.19

Type: remote

Published: 8/2/2005

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information


VPR

Risk Factor: Medium

Score: 4.2


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/1/2005

Reference Information

CVE: CVE-2005-2472

BID: 14434