VID 18092
Severity 30
Port 25
Protocol TCP
Class SMTP
Detailed Description The Inframail SMTP server, according to its banner, is affected by a buffer overflow vulnerability in the MAIL FROM command. Infradig Inframail is an SMTP, POP, HTTP, and FTP server for Microsoft Windows and Linux-based platforms. Inframail Advantage Server Edition version 7.11 and earlier are vulnerable to a buffer overflow in the processing of the SMTP MAIL FROM command. By sending a specially crafted MAIL FROM command with an excessively long argument (around 40,960 bytes), a remote attacker could cause the ifmail.exe process to crash.

* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the result may be a false positive.

* References:
http://reedarvin.thearvins.com/20050627-01.html
http://secunia.com/advisories/15828/
http://www.securiteam.com/securitynews/5HP061PGBK.html

* Platforms Affected:
Infradig, Inframail Advantage Server 7.11 and earlier
Linux Any version
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Inframail Advantage Server (7.12 or later), available from the Infradig Web site at http://www.infradig.com/inframail/index.shtml
Related URL CVE-2005-2085 (CVE)
Related URL 14077 (SecurityFocus)
Related URL 21160 (ISS)