Microsoft Exchange IMC SMTP EHLO Hostname Overflow

High Nessus Network Monitor Plugin ID 2033

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

A security vulnerability results because of an unchecked buffer in the IMC code that generates the response to the EHLO protocol command. If the buffer were overrun with data it would result in either the failure of the IMC or could allow the attacker to run code in the security context of the IMC, which runs as Exchange 5.5 Service Account.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2033

File Name: 2033.prm

Family: SMTP Servers

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 2004, 2005

Nessus ID: 11053

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2002-0698

BID: 5306