| VID |
18095 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The BusinessMail server, according to its banner, has multiple remote buffer overflow vulnerabilities. BusinessMail is a commercial mail server for Microsoft Windows platforms. BusinessMail Server version 4.60.00 and possibly other versions are vulnerable to a multiple remote buffer overflow vulnerabilities, caused by improper validation of user-supplied input passed to the SMTP HELO and MAIL FROM commands. By exploiting these flaws, a remote attacker could crash the affected SMTP service and possibly even execute arbitrary code within the context of the server process.
* Note: This check solely relied on the banner of the remote SMTP server to assess this vulnerability, so this might be a false positive.
* References:
http://reedarvin.thearvins.com/20050730-01.html
http://www.securityfocus.com/archive/1/406957
* Platforms Affected:
NetCPlus, BusinessMail Server version 4.60.00 and possibly other versions
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of December 2005.
Upgrade to the latest version of BusinessMail Server, when new fixed version becomes available from the BusinessMail Server Web site at http://www.netcplus.com/businessmail.html |
| Related URL |
CVE-2005-2472 (CVE) |
| Related URL |
14434 (SecurityFocus) |
| Related URL |
21636 (ISS) |
|
