Intrusion PreventionSMTP.RCPT.TO.Command.Buffer.Overflow
Description
This indicates a possible exploit of a stack-based buffer-overflow vulnerability in GoodTech SMTP server.
GoodTech SMTP server provides Simple Mail Transfer Protocol (SMTP) services to any email client, running as a service on a host Windows machine. A stack-based buffer-overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code on the host system. This is due to the application's failure to sanitize the RCPT TO field in received email messages. To exploit this an attacker may send specially crafted email messages to the server, with an overly long string as email address with the "RCPT TO" command. This causes a buffer overflow resulting in arbitrary code execution on the vulnerable system, with system level privileges, in the context of the affected application.
Affected Products
GoodTech SMTP Server 5.16 and GoodTech SMTP Server 5.15.
Impact
Compromise of the affected system. Attacker may execute arbitrary code on the system.
Recommended Actions
Upgrade to GoodTech SMTP Server 5.17 or later.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-02-06 | 15.773 | Sig Added |
| ID | 10378 |
| Created | Aug 05, 2005 |
| Updated | Aug 29, 2022 |
| Risk |
|
| CVE ID | CVE-2005-2387 |
| Exploit Prediction Score | 3.7% |
| Default Action | pass |
| Active | |
| Affected OS | Windows |
| Affected App | Other |