Title: CMail's MAIL FROM overflow
There seems to be a buffer overflow in the remote SMTP server
when the server is issued an overly long argument to the 'MAIL FROM'
command, such as:
MAIL FROM: AAA[...]AAA@nessus.org
where AAA[...]AAA contains more than 8000 'A's.
This problem may allow an attacker to prevent this host
from acting as a mail host and may even allow him to execute
arbitrary code on this system.
Solution: Contact your vendor for a patch
Risk factor: High
BugTraq ID: 633
Common Vulnerability Exposure (CVE) ID: CVE-1999-1521
Bugtraq: 19990729 Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer
Bugtraq: 19990912 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
XForce ISS Database: cmail-command-bo(2240)
Copyright: This script is Copyright (C) 1999 Renaud Deraison