GEN:SID | 1:1550 |
Message | SMTP ETRN overflow attempt |
Summary | This event is generated when an external attacker attempts to exploit a buffer overflow vulnerability in the ETRN command in NetWin DMail.
|
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise.
|
Detailed Information | Some versions of NetWin DMail SMTP server contain a buffer overflow vulnerability in the ETRN command. An attacker can use an overly long string in an ETRN argument to cause a buffer overflow condition. This allows the attacker to crash the mail server or execute arbitrary code with root access.
|
Affected Systems | Systems running NetWin DMail 2.8a-h or lower or NetWin DMail 2.7q or lower.
|
Attack Scenarios | An attacker sends an ETRN command with an overly long argument to a NetWin DMail SMTP server. The attacker can then crash the mail server or execute arbitrary code with root access.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Upgrade to NetWin DMail 2.7r or 2.8i.
|
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204
Bugtraq http://www.securityfocus.com/bid/1297
|
Rule References | bugtraq: 7515
bugtraq: 1297
cve: 2000-0490
nessus: 10438
|