| VID | 18010 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
The CSM mail server contains a buffer overflow that could be used to launch a denial of service attack or execute arbitrary code. CSM mail server is an SMTP server for Windows 95/98/NT. The overflow can be triggered by submitting an argument of over 12000 bytes to a HELO command. A remote attacker can cause the server to crash or execute commands via a long HELO command.
Vulnerable versions: CSM Mail Server 1999-07b, CSM Mail Server 1999-07F, CSM Mail Server 1999-07G, CSM Mail Server 1999-07H, CSM Mail Server 1999-07I, CSM Mail Server 1999-07M, CSM Mail Server 2000-01A
* Warning: The buffer overflow test may crash the mail server, in which case the service must be restarted to regain normal functionality.
* References:
  http://www.iss.net/security_center/static/3760.php
  http://www.securityfocus.com/bid/895 |
| Recommendation | Download and upgrade to the latest version from: http://www.csm-usa.com/product/mailsrvr/ |
| Related URL | CVE-2000-0042 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |