Vulnerabilities > CVE-2004-1638 - Remote SMTP EHLO/HELO Buffer Overflow in Tabs Laboratories MailCarrier

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tabs-laboratories
nessus
exploit available
metasploit

Summary

Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.

Vulnerable Configurations

Part Description Count
Application
Tabs_Laboratories
1

Exploit-Db

  • descriptionTABS MailCarrier v2.51 SMTP EHLO Overflow. CVE-2004-1638. Remote exploit for windows platform
    idEDB-ID:16822
    last seen2016-02-02
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16822/
    titleTABS MailCarrier 2.51 - SMTP EHLO Overflow
  • descriptionMailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow Exploit. CVE-2004-1638. Remote exploit for windows platform
    idEDB-ID:598
    last seen2016-01-31
    modified2004-10-26
    published2004-10-26
    reportermuts
    sourcehttps://www.exploit-db.com/download/598/
    titleMailCarrier 2.51 - SMTP EHLO / HELO Buffer Overflow Exploit
  • descriptionMailCarrier 2.51 Remote Buffer Overflow Exploit. CVE-2004-1638. Remote exploit for windows platform
    idEDB-ID:637
    last seen2016-01-31
    modified2004-11-16
    published2004-11-16
    reporterNoPh0BiA
    sourcehttps://www.exploit-db.com/download/637/
    titleMailCarrier 2.51 - Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits the MailCarrier v2.51 suite SMTP service. The stack is overwritten when sending an overly long EHLO command.
idMSF:EXPLOIT/WINDOWS/SMTP/MAILCARRIER_SMTP_EHLO
last seen2020-06-01
modified2017-11-08
published2007-09-09
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1638
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb
titleTABS MailCarrier v2.51 SMTP EHLO Overflow

Nessus

NASL familySMTP problems
NASL idMAILCARRIER_SMTP_OVERFLOW.NASL
descriptionThe target is running at least one instance of MailCarrier in which the SMTP service suffers from a buffer overflow vulnerability. By sending an overly long EHLO command, a remote attacker can crash the SMTP service and execute arbitrary code on the target.
last seen2020-06-01
modified2020-06-02
plugin id15902
published2004-12-03
reporterThis script is Copyright (C) 2004-2018 George A. Theall
sourcehttps://www.tenable.com/plugins/nessus/15902
titleMailCarrier < 3.0.1 SMTP EHLO Command Remote Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83004/mailcarrier_smtp_ehlo.rb.txt
idPACKETSTORM:83004
last seen2016-12-05
published2009-11-26
reporterPatrick Webster
sourcehttps://packetstormsecurity.com/files/83004/TABS-MailCarrier-v2.51-SMTP-EHLO-Overflow.html
titleTABS MailCarrier v2.51 SMTP EHLO Overflow