| GEN:SID | 1:1550 |
| Message | SMTP ETRN overflow attempt |
| Summary | This event is generated when an external attacker attempts to exploit a buffer overflow vulnerability in the ETRN command in NetWin DMail.
|
| Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise.
|
| Detailed Information | Some versions of NetWin DMail SMTP server contain a buffer overflow vulnerability in the ETRN command. An attacker can use an overly long string in an ETRN argument to cause a buffer overflow condition. This allows the attacker to crash the mail server or execute arbitrary code with root access.
|
| Affected Systems | Systems running NetWin DMail 2.8a-h or lower or NetWin DMail 2.7q or lower.
|
| Attack Scenarios | An attacker sends an ETRN command with an overly long argument to a NetWin DMail SMTP server. The attacker can then crash the mail server or execute arbitrary code with root access.
|
| Ease of Attack | Simple. Exploits exist.
|
| Corrective Action | Upgrade to NetWin DMail 2.7r or 2.8i.
|
| Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204
Bugtraq http://www.securityfocus.com/bid/1297
|
| Rule References | bugtraq: 7515
bugtraq: 1297
cve: 2000-0490
nessus: 10438
|
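
The condition this signature describes, an ETRN command with an overly long argument, can be checked over a reassembled client-to-server SMTP stream as in the following added Python example (not the Snort rule for this SID and not NetWin code). The page does not state a length threshold, so the example assumes the 512-octet command-line limit from RFC 5321; `find_long_etrn` and the sample session are constructed for illustration.

```python
# Added example: flag ETRN command lines that exceed a length limit.
# Assumption: threshold is the RFC 5321 (4.5.3.1.4) command-line limit of
# 512 octets including CRLF; the page itself gives no size for the overflow.
MAX_CMD_LINE = 512

def find_long_etrn(stream: bytes, limit: int = MAX_CMD_LINE):
    """Return [(line_no, arg_len)] for each ETRN command line longer than limit.

    stream is the client-to-server byte stream of one SMTP session.
    """
    hits = []
    in_data = False
    for line_no, raw in enumerate(stream.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_data:
            # Message body: "ETRN" here is mail content, not a command.
            if line == b".":
                in_data = False
            continue
        parts = line.split(None, 1)          # verb, then the rest of the line
        verb = parts[0].upper() if parts else b""
        arg = parts[1] if len(parts) > 1 else b""
        if verb == b"DATA":
            in_data = True                   # assumes the server accepted DATA
        elif verb == b"ETRN" and len(line) + 2 > limit:
            # +2 counts the CRLF; an unterminated final line is still flagged.
            hits.append((line_no, len(arg)))
    return hits

# Constructed sample session (hypothetical host names, filler bytes only).
SAMPLE = (
    b"EHLO client.example\r\n"
    b"ETRN mail.example\r\n"                  # normal use: short argument
    b"etrn " + b"A" * 600 + b"\r\n"           # oversized argument, mixed case
    b"MAIL FROM:<a@client.example>\r\n"
    b"RCPT TO:<b@mail.example>\r\n"
    b"DATA\r\n"
    b"ETRN " + b"B" * 600 + b"\r\n"           # inside the body: ignored
    b".\r\n"
    b"QUIT\r\n"
)

if __name__ == "__main__":
    for line_no, arg_len in find_long_etrn(SAMPLE):
        print(f"line {line_no}: ETRN argument of {arg_len} bytes")
```

Tracking the DATA state keeps long lines in message bodies from raising false positives, which a plain substring match on "ETRN" would not avoid.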