CVE-1999-1511 - DoS vulnerability in Artisoft Xtramail 1.11

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Summary

Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of service (crash) and possibly execute arbitrary commands via (1) a long PASS command in the POP3 service, (2) a long HELO command in the SMTP service, or (3) a long user name in the Control Service.

Vulnerable Configurations

Part         Description  Count
Application  Artisoft     1

Nessus

  • NASL family: SMTP problems
    NASL id: XTRAMAIL_HELO.NASL
    description: The remote host is running a version of XtraMail with a remote buffer overflow vulnerability. The overflow is caused by issuing the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10324
    published: 1999-11-10
    reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10324
    title: XtraMail SMTP HELO Command Remote Overflow
  • NASL family: Misc.
    NASL id: XTRAMAIL_CONTROL.NASL
    description: The remote host is running a version of XtraMail with a remote buffer overflow vulnerability. XtraMail includes a remote administration utility which listens on port 32000 for logins. Providing a username of over 15,000 characters causes a buffer overflow, which could allow a remote attacker to crash the service or potentially execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10323
    published: 1999-11-10
    reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10323
    title: XtraMail Control Service Username Overflow
  • NASL family: Gain a shell remotely
    NASL id: XTRAMAIL_POP_OVERFLOW.NASL
    description: The remote POP3 server is vulnerable to the following buffer overflow: USER test PASS <buffer> This may allow an attacker to execute arbitrary commands as root on the remote POP3 server.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10325
    published: 1999-11-10
    reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10325
    title: XtraMail POP3 PASS Command Remote Overflow