shn_sendmail_doublepipe.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 69 行

NASL
69
字号 
## This script was written by Vincent Renardias <vincent@strongholdnet.com>## Licence: GPLv2#if(description){ script_id(11321); script_bugtraq_id(5845); script_cve_id("CVE-2002-1165", "CVE-2002-1337"); script_version ("$Revision: 38 $"); if ( defined_func("script_xref") ) script_xref(name:"RHSA", value:"RHSA-2003:073-06"); if ( defined_func("script_xref") ) script_xref(name:"SuSE", value:"SUSE-SA:2003:023");  name["english"] = "Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability"; script_name(english:name["english"]);  desc["english"] = "smrsh (supplied by Sendmail) is designed to prevent the execution ofcommands outside of the restricted environment. However, when commandsare entered using either double pipes (||) or a mixture of dotand slash characters, a user may be able to bypass the checksperformed by smrsh. This can lead to the execution of commandsoutside of the restricted environment.Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).Risk factor : Medium";  script_description(english:desc["english"]);  summary["english"] = "Checks sendmail's version number";  summary["francais"] = "V閞ification du num閞o de s閞ie de sendmail"; script_summary(english:summary["english"],                 francais:summary["francais"]);  script_category(ACT_GATHER_INFO);  script_copyright(english:"This script is Copyright (C) 2003 StrongHoldNet",                  francais:"Ce script est Copyright (C) 2003 StrongHoldNet");  family["english"] = "SMTP problems"; family["francais"] = "Probl鑝es SMTP"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("find_service.nes", "smtpserver_detect.nasl"); script_require_ports("Services/smtp", 25); script_require_keys("SMTP/sendmail"); exit(0);}## The script code starts here#include("smtp_func.inc");port = get_kb_item("Services/smtp");if(!port) port = 25;banner = get_smtp_banner(port:port);if(banner){ if(egrep(pattern:"Sendmail.*(8\.8\.[89]|8\.9\..*|8\.1[01]\.*|8\.12\.[0-7][^0-9])/", string:banner))        security_warning(port);}

shn_sendmail_doublepipe.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 shn_sendmail_doublepipe.nasl 源码文件,采用 NASL 编程语言编写,共 69 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?