VID 18084
Severity 40
Port 25
Protocol TCP
Class SMTP
Detailed Description A Smail server of version 3.2.0.120 or earlier was detected running on the host. Smail-3 is an implementation of an Electronic Mail Transport Agent (MTA) for Unix-based operating systems. Smail-3 versions 3.2.0.120 and earlier are affected by two vulnerabilities, which can allow a remote attacker to execute arbitrary code or commands on the system with root privileges.

1) A heap-based buffer overflow exists in the addr.c file. A local or remote attacker could send an email with a specially crafted MAIL FROM field to overflow a buffer and execute arbitrary code on the system with root privileges.
2) A command execution vulnerability exists in the signal handling code in the modes.c file. A local attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.

* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/bugtraq/2005-03/0435.html
http://www.securityfocus.com/archive/1/394286
http://www.securityfocus.com/archive/1/394413

* Platforms Affected:
GNU Project, Smail-3 versions 3.2.0.120 and earlier
Linux Any version
Unix Any version
Recommendation No upgrade or patch available as of April 2005.

Upgrade to a fixed version of Smail-3 (Smail-3.2.0.121 or later) when one becomes available from the Smail-3 Web site at http://www.weird.com/~woods/projects/smail.html
Related URL CVE-2005-0892,CVE-2005-0893 (CVE)
Related URL 12899,12922 (SecurityFocus)
Related URL 19838,19840 (ISS)