Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1550 |
| Message | SMTP ETRN overflow attempt |
| Summary | This event is generated when an external attacker attempts to exploit a buffer overflow vulnerability in the ETRN command in NetWin DMail. |
| Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise. |
| Detailed Information | Some versions of NetWin DMail SMTP server contain a buffer overflow vulnerability in the ETRN command. An attacker can use an overly long string in an ETRN argument to cause a buffer overflow condition. This allows the attacker to crash the mail server or execute arbitrary code with root access. |
| Affected Systems | Systems running NetWin DMail 2.8a-h or lower or NetWin DMail 2.7q or lower. |
| Attack Scenarios | An attacker sends an ETRN command with an overly long argument to a NetWin DMail SMTP server. The attacker can then crash the mail server or execute arbitrary code with root access. |
| Ease of Attack | Simple. Exploits exist. |
| Corrective Action | Upgrade to NetWin DMail 2.7r or 2.8i. |
| Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204; Bugtraq: http://www.securityfocus.com/bid/1297 |
| Rule References | bugtraq: 1297; bugtraq: 7515; cve: 2000-0490; nessus: 10438 |
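
The condition described under Detailed Information (an overly long ETRN argument) can be checked for in a captured client-to-server SMTP stream. The following is an added example, not the Snort rule and not code from Aanval or NetWin. The function name, the 255-byte threshold (the maximum length of a domain name) and the sample session are assumptions made for illustration.

```python
import re

# Assumed threshold: a legitimate ETRN argument is a host/domain name,
# which cannot exceed 255 octets. Not the threshold used by SID 1:1550.
MAX_ETRN_ARG = 255

_ETRN = re.compile(rb"^\s*ETRN(?:\s+(.*))?$", re.IGNORECASE | re.DOTALL)


def find_etrn_overflows(client_stream: bytes, max_arg: int = MAX_ETRN_ARG):
    """Return (line_no, arg_len) for each oversized ETRN in a client->server
    SMTP byte stream. Message bodies after DATA are skipped so that the
    text "ETRN" inside an e-mail does not alert."""
    hits = []
    in_data = False
    # Split on LF and strip CR, so bare-LF clients are handled too. A final
    # unterminated line is still inspected (the long argument may lack CRLF).
    for line_no, raw in enumerate(client_stream.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_data:
            if line == b".":          # end-of-data marker
                in_data = False
            continue
        if line.strip().upper() == b"DATA":
            in_data = True            # assumes the server accepted DATA
            continue
        m = _ETRN.match(line)
        if m:
            arg = (m.group(1) or b"").strip()
            if len(arg) > max_arg:
                hits.append((line_no, len(arg)))
    return hits


# Constructed sample session (client side only); the long arguments are filler.
SAMPLE = (
    b"EHLO client.example\r\n"
    b"ETRN mail.example.org\r\n"      # normal use
    b"MAIL FROM:<a@example.org>\r\n"
    b"RCPT TO:<b@example.org>\r\n"
    b"DATA\r\n"
    b"Subject: test\r\n\r\nETRN " + b"B" * 600 + b"\r\n.\r\n"  # body text, ignored
    b"etrn " + b"A" * 600             # oversized, lower case, no CRLF
)

if __name__ == "__main__":
    for line_no, n in find_etrn_overflows(SAMPLE):
        print(f"line {line_no}: ETRN argument of {n} bytes")
```
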
--
DID:123199