Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:654 |
| Message | SMTP RCPT TO overflow |
| Summary | When connecting to port 25 (SMTP) on a computer running a vunarable SMTP server it is possible to perform a DoS attack. In some cases it might be possible to perform a security breach as well. |
| Impact | Depending on the vunerable software you may need to restart the SMTP server or perform some level of incident response. |
| Detailed Information | Vulnerable systems: Avirt Mail 4.0 (build 4124) Avirt Mail 4.2 (build 4807) PakMail SMTP/POP3 Netscape Messaging Server 3.54/3.55/3.6 More details can be found on the various sites listed below as the impact and details vary from system to system. |
| Affected Systems | |
| Attack Scenarios | Supply a large amount of data after the RCPT TO: header in your SMTP flow. |
| Ease of Attack | DoS: rather easy Security breach: probably hard |
| Corrective Action | Upgrade software according to the instructions of your software manufacturer. |
| Additional References | http://www.securiteam.com/exploits/6C00O1F00Y.html http://www.synnergy.net/downloads/advisories/SLA-2000-01.pakmail.txt http://online.securityfocus.com/bid/748 |
| Rule References | bugtraq: 2283 bugtraq: 9696 cve: 2001-0260 |
--
DID:561479
--
http://www.aanval.com/