Signature Detail

SMTP: NetWin DMail DSMTP Remote Format String

This signature detects a maliciously crafted SMTP "xtellmail" request containing format string characters. Such a request can allow the client to execute arbitrary commands on the server with permissions of the SMTP daemon. This vulnerability affects NetWin DMail DSMTP versions 3.1b and earlier.

Extended Description

The SMTP server (dsmtp.exe) shipped with DMail is reportedly prone to a remote format string vulnerability. Specifically, this issue arises when the application handles malicious data passed through various administrative commands. A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context the server. It should be noted that exploitation of this vulnerability requires the attacker to have the DMail administrative password.

Affected Products

• NetWin DMail 3.1.0 A
• NetWin DMail 3.1.0 b

References

• BugTraq: 13505
• CVE: CVE-2005-1478
• URL: http://www.netwinsite.com/dmailweb/
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln215.html
• URL: http://www.frsirt.com/exploits/20050505.dSMTP.c.php