BusinessMail Multiple SMTP Command Remote Buffer Overflows

Critical Nessus Plugin ID 19365


The remote SMTP server is susceptible to buffer overflow attacks.


The remote host is running BusinessMail, a commercial mail server for Windows from NetCPlus.

The version of BusinessMail on the remote host fails to sanitize input to the 'HELO' and 'MAIL FROM' SMTP commands, which can be exploited by an unauthenticated, remote attacker to crash the SMTP service and possibly even execute arbitrary code within the context of the server process.


Upgrade to BusinessMail 4.7 or later.

See Also

Plugin Details

Severity: Critical

ID: 19365

File Name: businessmail_smtp_overflows.nasl

Version: $Revision: 1.18 $

Type: remote

Published: 2005/08/02

Modified: 2011/09/01

Dependencies: 10263

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/08/01

Reference Information

CVE: CVE-2005-2472

BID: 14434

OSVDB: 18407