youngzsoft cmailserver prior 5.2.1 multiple remote vulnerabilities.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>334</plugin_id>
<plugin_name>Youngzsoft CMailServer prior 5.2.1 multiple remote vulnerabilities</plugin_name>
<plugin_family>SMTP</plugin_family>
<plugin_created_date>2005/01/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc.ruef at computec.ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_version>1.0</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>25</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists 220 ESMTP CMailServer [0-4].*SMTP Service Ready* OR 220 ESMTP CMailServer 5.[0-1].*SMTP Service Ready* OR OR 220 ESMTP CMailServer 5.2.[0-1]*SMTP Service Ready*</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>The NASL script is Copyright (C) 2004 Tenable Network Security</plugin_comment>
<bug_produced_name>Youngzsoft </bug_produced_name>
<bug_affected>Youngzsoft CMailServer prior 5.2.1</bug_affected>
<bug_not_affected>Youngzsoft CMailServer newer than 5.2.1</bug_not_affected>
<bug_vulnerability_class>Unknown</bug_vulnerability_class>
<bug_description>The remote host is running YoungZSoft CMail Server, a mail server for Microsoft Windows. There are multiple remote vulnerabilities like buffer overflow, SQL injection, HTML injection in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host.</bug_description>
<bug_solution>Upgrade to CMailServer 5.2.1 or later.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Maybe</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/11742/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>6</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus can check this flaw with the plugin 15828 (Youngzsoft CMailServer Multiple Remote Vulnerabilities).</bug_check_tool>
<source_securityfocus_bid>11742</source_securityfocus_bid>
<source_nessus_id>15828</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>