sendmail_custom_config.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 40 行

# This script was written by Michel Arboi <arboi@alussinan.org>
#
# GPL
#
# References:
# From: "Michal Zalewski" <lcamtuf@echelon.pl>
# To: bugtraq@securityfocus.com
# CC: sendmail-security@sendmail.org
# Subject: RAZOR advisory: multiple Sendmail vulnerabilities

if(description)
{
 script_id(11086);
 script_bugtraq_id(3377);
 script_cve_id("CVE-2001-0713");
 script_version ("$Revision: 38 $");
 
 name["english"] = "Sendmail custom configuration file";
 name["francais"] = "Fichier de configuration sp閏ifique de sendmail";
 script_name(english:name["english"],
 	     francais:name["francais"]);
 
 desc["english"] = "
The remote sendmail server, according to its version number,
may be vulnerable to a 'Mail System Compromise' when a
user supplies a custom configuration file.
Although the mail server is suppose to run as a lambda user, 
a programming error allows the local attacker to regain the extra 
dropped privileges and run commands as root.

Solution : upgrade to the latest version of Sendmail
Risk factor : High
Note : This vulnerability is _local_ only"; 


 desc["francais"] = "
Le serveur sendmail distant, d'apr鑣 son num閞o de version,
est vuln閞able lorsqu'un utilisateur fournit un fichier de 
configuration sp閏ifique.
Bien que le serveur soit cens