# This script was written by Michel Arboi <arboi@alussinan.org>
#
# GPL
#
# References:
# From: "Michal Zalewski" <lcamtuf@echelon.pl>
# To: bugtraq@securityfocus.com
# CC: sendmail-security@sendmail.org
# Subject: RAZOR advisory: multiple Sendmail vulnerabilities
# Registration phase: when the scanner evaluates the plugin with `description`
# set, only metadata is declared and the script exits before any banner is read.
if (description)
{
  # Identifiers for the issue this plugin reports.
  script_id(11086);
  script_bugtraq_id(3377);
  script_cve_id("CVE-2001-0713");
  script_version ("$Revision: 1.8 $");

  # NOTE(review): the French strings below appear to have lost their accented
  # characters somewhere upstream; they are reproduced exactly as found.
  script_name(english:"Sendmail custom configuration file",
              francais:"Fichier de configuration spcifique de sendmail");

  # The report text says the finding is derived from the version number and
  # that the flaw is local only, so a hit is an indication to verify on the
  # host rather than proof of exploitability.
  desc_en = "
The remote sendmail server, according to its version number,
may be vulnerable to a 'Mail System Compromise' when a
user supplies a custom configuration file.
Although the mail server is suppose to run as a lambda user,
a programming error allows the local attacker to regain the extra
dropped privileges and run commands as root.
Solution : upgrade to the latest version of Sendmail
Risk factor : High
Note : This vulnerability is _local_ only";
  desc_fr = "
Le serveur sendmail distant, d'aprs son numro de version,
est vulnrable lorsqu'un utilisateur fournit un fichier de
configuration spcifique.
Bien que le serveur soit cens tourner sous une identit lambda,
une erreur de programmation permet l'attaquant local de regagner
les privilges abandonns et d'excuter des commandes en tant que root.
Solution : mettez jour sendmail
Facteur de risque : Elev
Note : cette vulnrabiit est locale uniquement";
  script_description(english:desc_en,
                     francais:desc_fr);

  script_summary(english:"Checks the version number for 'custom config file'",
                 francais:"Vrification du numro de srie de sendmail pour l'attaque 'fichier de configuration spcifique'");

  # Registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2002 Michel Arboi",
                   francais:"Ce script est Copyright (C) 2002 Michel Arboi");
  script_family(english:"SMTP problems", francais:"Problmes SMTP");

  # Scheduling constraints: the two detection scripts are declared as
  # dependencies, and the "SMTP/sendmail" knowledge-base key plus an SMTP
  # port are required.
  # NOTE(review): presumably smtpserver_detect.nasl sets "SMTP/sendmail" -- confirm.
  script_dependencie("find_service.nes","smtpserver_detect.nasl");
  script_require_keys("SMTP/sendmail");
  script_require_ports("Services/smtp", 25);
  exit(0);
}
#
# Scan phase: the only evidence used is the string returned by
# get_smtp_banner(); the verdict is a pattern match on that text.
include("smtp_func.inc");

# Use the SMTP port recorded in the knowledge base, falling back to 25.
port = get_kb_item("Services/smtp");
if (!port)
{
  port = 25;
}

banner = get_smtp_banner(port: port);

# No banner means there is nothing to compare against.
if (!banner)
{
  exit(0);
}

# Banners containing "Switch-" are skipped entirely.
# NOTE(review): presumably these are Sendmail Switch builds with their own
# version numbering -- confirm.
if ("Switch-" >< banner)
{
  exit(0);
}

# The pattern is unanchored: any banner line with "Sendmail" followed later by
# the text "8.12.0" is reported, wherever that text sits on the line.
# NOTE(review): a second version field on the same line (for example a
# configuration version) would match too, and only the literal 8.12.0 is
# covered -- confirm both against the advisory and real banners.
# Banner text can be changed by the administrator, and the flaw is described
# as local only, so treat a hit as a lead to verify on the host.
if (egrep(pattern:".*Sendmail.*8\.12\.0.*", string:banner))
{
  security_hole(port);
}