header-logo
Suggest Exploit
vendor:
BaSoMail SMTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: BaSoMail SMTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BaSoMail SMTP Server Buffer Overflow Vulnerability

BaSoMail SMTP Server has been reported prone to a buffer overflow vulnerability. The issue is likely due to a lack of sufficient bounds checking performed on arguments passed to SMTP commands. It may be possible to exploit this issue to execute arbitrary attacker supplied code by sending a buffer size of 2100 bytes to the SMTP server via the HELO, Mail From, or Rcpt to commands.

Mitigation:

Ensure that all user-supplied input is validated and filtered before being passed to the SMTP server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7726/info

BaSoMail SMTP Server has been reported prone to a buffer overflow vulnerability.

The issue is likely due to a lack of sufficient bounds checking performed on arguments passed to SMTP commands.

Although unconfirmed and speculative, due to the nature of this vulnerability, it may be possible to exploit this issue to execute arbitrary attacker supplied code. 

# Telnet The_SMTP_Server_IP_Address 25
220 Welcome to BaSoMail (www.BaSo.no)
HELO <ccccc....[Buffer size 2100 Bytes]>
Or
Mail From : <ccccc....[Buffer size 2100 Bytes @xyz.com]>
Or
Rcpt to : <ccccc....[Buffer size 2100 Bytes @xyz.com]>
Quit

Navigation

Suggest Exploit

Services By CQR