GEN:SID | 1:657 |
Message | SMTP chameleon overflow |
Summary | This event is generated when an external user sends a HELP command with specific syntax to an internal SMTP server, which may indicate an attempt to exploit a buffer overflow vulnerability in NetManage Chameleon SMTP server.
|
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise.
|
Detailed Information | NetManage Chameleon SMTP server contains a buffer overflow vulnerability in the HELP command. If the HELP command is used with an argument longer than 514 characters, a buffer overflow condition occurs, allowing the execution of arbitrary code.
|
Affected Systems | Systems running NetManage Chameleon Unix 97 or NetManage Chameleon 4.5.
|
Attack Scenarios | An attacker sends an overly long string to a vulnerable NetManage Chameleon SMTP server in the HELP command. This causes a buffer overflow condition, allowing the attacker to execute arbitrary code on the server and obtain root privileges on the mail server.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest version of NetManage Chameleon SMTP server.
|
Additional References | |
Rule References | arachnids: 266
bugtraq: 2387
cve: 1999-0261
|