Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1550 |
Message | SMTP ETRN overflow attempt |
Summary | This event is generated when an external attacker attempts to exploit a buffer overflow vulnerability in the ETRN command in NetWin DMail. |
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise. |
Detailed Information | Some versions of NetWin DMail SMTP server contain a buffer overflow vulnerability in the ETRN command. An attacker can use an overly long string in an ETRN argument to cause a buffer overflow condition. This allows the attacker to crash the mail server or execute arbitrary code with root access. |
Affected Systems | Systems running NetWin DMail 2.8a-h or lower or NetWin DMail 2.7q or lower. |
Attack Scenarios | An attacker sends an ETRN command with an overly long argument to a NetWin DMail SMTP server. The attacker can then crash the mail server or execute arbitrary code with root access. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | Upgrade to NetWin DMail 2.7r or 2.8i. |
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204 Bugtraq http://www.securityfocus.com/bid/1297 |
Rule References | bugtraq: 1297 bugtraq: 7515 cve: 2000-0490 nessus: 10438 |
--
DID:123199
--
http://www.aanval.com/