VID | 18097
Severity | 40
Port | 25
Protocol | TCP
Class | SMTP
Detailed Description |
According to its banner, the GoodTech SMTP Server is affected by multiple buffer overflow vulnerabilities in its handling of the RCPT TO command. GoodTech SMTP Server version 5.16 and possibly earlier versions contain multiple stack-based buffer overflows, caused by improper bounds checking of user-supplied input passed as the RCPT TO command parameter. By sending a RCPT TO command with a specially crafted DNS name, or multiple RCPT TO commands with a specially crafted e-mail name argument in the last command, a remote attacker could execute arbitrary code on the affected system with SYSTEM-level privileges.
* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the result might be a false positive.
* References: http://www.securityfocus.com/archive/1/406321/30/0/threaded
* Platforms Affected: GoodTech Systems: GoodTech SMTP Server version 5.16 and earlier versions; Microsoft Windows: any version |
Recommendation |
Upgrade to the latest version of GoodTech SMTP Server (5.17 or later), available from the GoodTech SMTP Server Web site at http://www.goodtechsys.com/smtpdnt2000.asp |
Related URL | CVE-2005-2387 (CVE)
Related URL | 14357 (SecurityFocus)
Related URL | 21514,21515 (ISS)