SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow

Critical Nessus Plugin ID 33104


The remote web server is affected by a buffer overflow vulnerability.


The remote host is running Alt-N's SecurityGateway for Exchange/SMTP, an email spam firewall for Exchange and SMTP servers.

The version of SecurityGateway installed on the remote host is earlier than 1.0.2. Such versions are reportedly affected by a buffer overflow that can be triggered by sending a long 'username' parameter to the 'SecurityGateway.dll' script. Successful exploitation allows arbitrary code execution on the remote host with SYSTEM-level privileges, potentially resulting in a complete compromise of the affected host.


Upgrade to SecurityGateway 1.0.2 or later.


Plugin Details

Severity: Critical

ID: 33104

File Name: securitygateway_1_0_2.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Firewalls

Published: 2008/06/06

Modified: 2017/10/30

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With


Core Impact

Metasploit (Alt-N SecurityGateway username Buffer Overflow)

Reference Information

CVE: CVE-2008-4193

BID: 29457

EDB-ID: 5718

OSVDB: 45854

Secunia: 30497

CWE: 119