NetWin DSMTP (Dmail) ETRN Command Overflow

critical Nessus Plugin ID 10438

Synopsis

The remote SMTP server has a buffer overflow vulnerability.

Description

The remote SMTP server is vulnerable to a buffer overflow when the ETRN command is issued arguments which are too long. A remote attacker could exploit this to crash the SMTP server, or possibly execute arbitrary code.

Solution

Upgrade to the latest version of the SMTP server. If you are using NetWin DSMTP, upgrade to version 2.7r or later.

See Also

https://seclists.org/bugtraq/2000/Jun/15

Plugin Details

Severity: Critical

ID: 10438

File Name: dmail_overflow.nasl

Version: 1.37

Type: remote

Published: 6/7/2000

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/1/2000

Reference Information

CVE: CVE-2000-0490

BID: 1297