VID 18012
Severity 30
Port 25
Protocol TCP
Class SMTP
Detailed Description The Concatus iMate Web Mail Server 2.5 is vulnerable to a denial of service caused by a buffer overflow in a HELO command with a long argument. By sending an email using SMTP with a server name of 1119 characters or more, a remote attacker can overflow the buffer and cause the SMTP server to stop running, so the service must be restarted.

* Warning: The buffer overflow test may crash the mail server. If it does, the service must be restarted to regain normal functionality.

For a detailed description, refer to the following site:
http://www.delphisplc.com/thinking/whitepapers/security/DST2K0006.txt

* References:
http://www.iss.net/security_center/static/4586.php
http://www.securityfocus.com/bid/1286
Recommendation Upgrade to the latest version of iMate (2.5.1 or later), available from the Concatus Web site:
http://www.imate.net/eng/index.html
Related URL CVE-2000-0507 (CVE)