Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1549 |
Message | SMTP HELO overflow attempt |
Summary | This event is generated when an attempt is made to overflow a buffer in an SMTP server via a long SMTP HELO command. |
Impact | A remote attacker could exploit this vulnerability to cause a denial of service, or possibly execute arbitrary code. |
Detailed Information | Most SMTP servers do not properly validate the input string. A buffer overflow may occur when an attacker uses a HELO command followed by 1024+ characters. If the server is vulnerable, it will crash or close the connection; otherwise it will give an error message. |
Affected Systems | SMTP servers: Any version; AppleShare IP Mail Server: Any version; Mercury Mail Server: Any version; SLMail: v2.6 and earlier |
Attack Scenarios | telnet victim.foo.com 25; helo victim; 220 victim SMTP Server Ready; HELO XXXXXXXXXXX[a thousand of these]XXXXXXXX |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | |
Rule References | bugtraq: 7726; bugtraq: 895; cve: 2000-0042; nessus: 10324; nessus: 11674 |
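
Added example (not part of the original rule documentation and not the rule's own signature): a Python check that flags the condition described under Detailed Information in the reassembled client-to-server side of an SMTP session. The function name, the sample streams and the inclusion of EHLO alongside HELO are assumptions of this example; the 1024-character threshold comes from the text above.

```python
import re

# Threshold from the rule text above: HELO followed by 1024+ characters.
HELO_ARG_LIMIT = 1024

# HELO/EHLO verb (any case, optional leading blanks) and its argument.
# EHLO is included as an assumption; the page itself only names HELO.
_HELO = re.compile(rb"[ \t]*(HELO|EHLO)[ \t]+(.*)", re.IGNORECASE)


def find_long_helo(client_stream, limit=HELO_ARG_LIMIT):
    """Return (offset, verb, arg_len, terminated) per oversized HELO/EHLO.

    client_stream: bytes sent by the client in one SMTP session.
    terminated is False when the argument runs to the end of the capture
    with no line ending, e.g. the connection dropped mid-command.
    """
    hits = []
    offset = 0
    for raw in client_stream.splitlines(keepends=True):
        line = raw.rstrip(b"\r\n")
        m = _HELO.match(line)
        if m and len(m.group(2)) >= limit:
            hits.append((offset + m.start(1),
                         m.group(1).upper().decode("ascii"),
                         len(m.group(2)),
                         len(line) != len(raw)))
        elif line.strip().upper() == b"DATA":
            break  # message body follows; its lines are not SMTP commands
        offset += len(raw)
    return hits


# Constructed sample streams (not captured traffic).
BENIGN = b"HELO mail.example.org\r\nMAIL FROM:<a@example.org>\r\n"
UNTERMINATED = b"helo " + b"X" * 1024
AFTER_NOOP = b"NOOP\r\n" + b"EHLO " + b"A" * 1500 + b"\r\n"
IN_BODY = (b"HELO client.example.org\r\nMAIL FROM:<a@example.org>\r\n"
           b"RCPT TO:<b@example.org>\r\nDATA\r\n"
           b"HELO " + b"X" * 2000 + b"\r\n.\r\n")

if __name__ == "__main__":
    for name, stream in [("benign", BENIGN), ("unterminated", UNTERMINATED),
                         ("after_noop", AFTER_NOOP), ("in_body", IN_BODY)]:
        print(name, find_long_helo(stream))
```

Scanning stops at the DATA command so that a long line inside a message body is not reported as a command.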
--
DID:489656