sendmail_queue_destruction.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 40 行

# This script was written by Michel Arboi <arboi@alussinan.org>
#
# GPL
#
# References:
# From: "Michal Zalewski" <lcamtuf@echelon.pl>
# To: bugtraq@securityfocus.com
# CC: sendmail-security@sendmail.org
# Subject: RAZOR advisory: multiple Sendmail vulnerabilities

if(description)
{
 script_id(11087);
 script_bugtraq_id(3378);
 script_cve_id("CVE-2001-0714");
 script_version ("$Revision: 38 $");
 
 name["english"] = "Sendmail queue manipulation & destruction";
 name["francais"] = "Manipulation & destruction de la file d'attente de sendmail";
 script_name(english:name["english"],
 	     francais:name["francais"]);
 
 desc["english"] = "
The remote sendmail server, according to its version number,
might be vulnerable to a queue destruction when a local user
runs
	sendmail -q -h1000

If you system does not allow users to process the queue (which
is the default), you are not vulnerable.

Solution : upgrade to the latest version of Sendmail or 
do not allow users to process the queue (RestrictQRun option)
Risk factor : Low
Note : This vulnerability is _local_ only"; 


 desc["francais"] = "
Le serveur sendmail distant, d'apr鑣 son num閞o de version,
est vuln閞able