Intrusion Prevention

SMTP.RCPT.TO.Command.Buffer.Overflow

Description

This indicates a possible exploit of a stack-based buffer-overflow vulnerability in GoodTech SMTP server.
GoodTech SMTP server provides Simple Mail Transfer Protocol (SMTP) services to any email client, running as a service on a host Windows machine. A stack-based buffer-overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code on the host system. This is due to the application's failure to sanitize the RCPT TO field in received email messages. To exploit this an attacker may send specially crafted email messages to the server, with an overly long string as email address with the "RCPT TO" command. This causes a buffer overflow resulting in arbitrary code execution on the vulnerable system, with system level privileges, in the context of the affected application.

Affected Products

GoodTech SMTP Server 5.16 and GoodTech SMTP Server 5.15.

Impact

Compromise of the affected system. Attacker may execute arbitrary code on the system.

Recommended Actions

Upgrade to GoodTech SMTP Server 5.17 or later.

CVE References

CVE-2005-2387