Ipswitch IMail / SLMail VRFY Command Remote Overflow

Medium severity, Nessus Plugin ID 10254

Synopsis

The remote mail server is vulnerable to denial of service.

Description

It was possible to crash the affected SMTP service by sending a VRFY command with a long argument.

This attack is known to affect certain versions of Ipswitch IMail and Seattle Lab's SLMail, although products from other vendors may also be affected.

An unauthenticated, remote attacker can leverage this issue to conduct a denial-of-service attack against the affected mail server.

Solution

Contact the product's vendor for an update.

See Also

https://seclists.org/bugtraq/1998/Mar/93

https://seclists.org/bugtraq/1998/Mar/94

Plugin Details

Severity: Medium

ID: 10254

File Name: slmail.nasl

Version: 1.35

Type: remote

Published: 6/22/1999

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ipswitch:imail, cpe:/a:seattle_lab_software:slmail_pro

Vulnerability Publication Date: 3/12/1998

Reference Information

CVE: CVE-1999-0231