Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:657 |
Message | SMTP chameleon overflow |
Summary | This event is generated when an external user sends a HELP command with specific syntax to an internal SMTP server, which may indicate an attempt to exploit a buffer overflow vulnerability in NetManage Chameleon SMTP server. |
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise. |
Detailed Information | NetManage Chameleon SMTP server contains a buffer overflow vulnerability in the HELP command. If the HELP command is used with an argument longer than 514 characters, a buffer overflow condition occurs, allowing the execution of arbitrary code. |
Affected Systems | Systems running NetManage Chameleon Unix 97 or NetManage Chameleon 4.5. |
Attack Scenarios | An attacker sends an overly long string to a vulnerable NetManage Chameleon SMTP server in the HELP command. This causes a buffer overflow condition, allowing the attacker to execute arbitrary code on the server and obtain root privileges on the mail server. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest version of NetManage Chameleon SMTP server. |
Additional References | |
Rule References | arachnids: 266 bugtraq: 2387 cve: 1999-0261 |
--
DID:373763
--
http://www.aanval.com/