Intrusion Prevention

SMTP.CMD.Overflow

Description

This indicates detection of an overly long SMTP client command.
SMTP servers that have insufficient sanitizing of SMTP commands field might be prone to such an attack. Successful attacks may allow a remote attacker to execute arbitrary code within the context of the webserver, crash the affected application or deny services to legitimate users.

Affected Products

Any unprotected or misconfigured SMTP server is vulnerable to the attack.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply appropriate patches or upgrade the system to the latest non-vulnerable version.
Monitor the traffic from that network for any suspicious activity.

CVE References

CVE-2002-0274