vendor:
BaSoMail SMTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: BaSoMail SMTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
BaSoMail SMTP Server Buffer Overflow Vulnerability
BaSoMail SMTP Server has been reported prone to a buffer overflow vulnerability. The issue is likely due to a lack of sufficient bounds checking performed on arguments passed to SMTP commands. It may be possible to exploit this issue to execute arbitrary attacker supplied code by sending a buffer size of 2100 bytes to the SMTP server via the HELO, Mail From, or Rcpt to commands.
Mitigation:
Ensure that all user-supplied input is validated and filtered before being passed to the SMTP server.
