SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow
Critical Nessus Plugin ID 33104
Synopsis
The remote web server is affected by a buffer overflow vulnerability.
Description
The remote host is running Alt-N's SecurityGateway for Exchange/SMTP, an email spam firewall for Exchange and SMTP servers.
The version of SecurityGateway installed on the remote host is earlier than 1.0.2. Such versions are reportedly affected by a buffer overflow that can be triggered by passing a long 'username' parameter to the 'SecurityGateway.dll' script. This allows execution of arbitrary code on the remote host with SYSTEM-level privileges, potentially resulting in a complete compromise of the affected host.
Solution
Upgrade to SecurityGateway 1.0.2 or later.