hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS
2008-08-16T00:00:00
ID HMAILSERVER_REMOTE_DOS.NASL Type nessus Reporter Tenable Modified 2018-11-15T00:00:00
Description
The remote host is running hMailServer, a mail server for Windows.
By sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  # Plugin identity and advisory cross-references.
  script_id(33902);
  script_version("1.13");
  script_cve_id("CVE-2008-3676");
  script_bugtraq_id(30663);

  script_name(english:"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS");
  script_summary(english:"Checks hMailServer version");

  # Report text. The string bodies below start in column 0 on purpose:
  # their embedded line breaks are part of the attribute value.
  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a denial of
service vulnerability." );
  script_set_attribute(attribute:"description", value:
"The remote host is running hMailServer, a mail server for Windows.
By sending large amounts of data along with certain IMAP commands such
as 'CREATE' or 'RENAME', an authenticated user may be able to crash
the remote mail server." );
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/495361" );
  script_set_attribute(attribute:"see_also", value:"https://www.hmailserver.com/changelog" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to hMailServer 4.4.2-B279 or later." );

  # Scoring: network vector, low complexity, single authentication,
  # availability impact only (matches "an authenticated user" above).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/08/16");
  script_cvs_date("Date: 2018/11/15 20:50:27");
  # "local": the finding is derived from data read over authenticated SMB,
  # not from exercising the IMAP commands named in the description.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling prerequisites: registry enumeration results in the KB, plus
  # either an identified IMAP service or the SMB ports.
  script_dependencies("smb_hotfixes.nasl", "find_service1.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports("Services/imap", 139, 445);

  exit(0);
}
include("global_settings.inc");
include("imap_func.inc");
include("smb_func.inc");
# Unless the scan runs with report_paranoia >= 2, require that the IMAP
# listener is reachable and does not announce itself as something else.
if (report_paranoia < 2)
{
  port = get_kb_item("Services/imap");
  if (!port)
    port = 143;                       # nothing in the KB: assume the default IMAP port
  if (!get_port_state(port))
    exit(0);

  banner = get_imap_banner(port:port);
  # An unreadable banner is tolerated; only a banner that differs from the
  # greeting this plugin expects stops the check.
  if (banner)
  {
    if (banner != '* OK IMAPrev1\r\n')
      exit(0);
  }
}
# Look through the Uninstall DisplayName values cached in the KB for an
# hMailServer entry. Its display name is kept as the fallback version
# string in case the file version resource turns out to be unusable.
list = get_kb_list("SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName");
if (isnull(list))
  exit(0);

installstring = NULL;   # KB path of the matching Uninstall key; not read again in this script
hmail_version = NULL;

foreach name (keys(list))
{
  prod = list[name];
  if (!prod)
    continue;
  if (!("hMailServer" >< prod))
    continue;

  # First match wins.
  installstring = ereg_replace(pattern:"^(SMB\/Registry\/HKLM\/SOFTWARE\/Microsoft\/Windows\/CurrentVersion\/Uninstall\/.+)\/DisplayName$", replace:"\1", string:name);
  hmail_version = prod;
  break;
}
# Read the install path from the registry over an authenticated SMB session.
# nb: 'name' and 'port' are reused here; from this point on 'port' is the SMB
#     transport port, and that is the port the finding is reported against.
name   = kb_smb_name();
port   = kb_smb_transport();
login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();

if (!get_port_state(port))
  exit(0);

soc = open_sock_tcp(port);
if (!soc)
  exit(0);

session_init(socket:soc, hostname:name);

# Remote registry access goes through IPC$.
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1)
{
  NetUseDel();
  exit(0);
}

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  exit(0);
}

key  = "SOFTWARE\hMailServer";
path = NULL;

key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(key_h))
{
  # The key exists, so hMailServer has been installed on this host.
  item = RegQueryValue(handle:key_h, item:"InstallLocation");
  if (!isnull(item))
    path = item[1];
  RegCloseKey(handle:key_h);
}
RegCloseKey(handle:hklm);

# Without an install location there is no file to inspect.
if (!path)
{
  NetUseDel();
  exit(0);
}
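# Turn "<drive>:\<dir>" into the "<drive>$" share and the share-relative path
# of hMailAdmin.exe, then switch the SMB session from IPC$ to that share.
share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\Bin\hMailAdmin.exe", string:path);
NetUseDel(close:FALSE);

rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
  NetUseDel();
  exit(0);
}

# Read-only open of an existing file; nothing on the target is created or modified.
fh = CreateFile(file:exe,
  desired_access:GENERIC_READ,
  file_attributes:FILE_ATTRIBUTE_NORMAL,
  share_mode:FILE_SHARE_READ,
  create_disposition:OPEN_EXISTING);

ver = NULL;
if (!isnull(fh))
{
  # Only index into the version resource when every level was returned;
  # previously 'children' was read even when GetFileVersionEx() failed.
  stringfileinfo = NULL;
  ret = GetFileVersionEx(handle:fh);
  if (!isnull(ret))
  {
    children = ret['Children'];
    if (!isnull(children)) stringfileinfo = children['StringFileInfo'];
  }

  if (!isnull(stringfileinfo))
  {
    # Take the 'Comments' string of the first non-empty StringFileInfo entry;
    # the format check further down decides whether it is used as the version.
    foreach key (keys(stringfileinfo))
    {
      data = stringfileinfo[key];
      if (!isnull(data))
      {
        ver = data['Comments'];
        break;
      }
    }
  }
  CloseFile(handle:fh);
}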
# nb: If the 'Comments' string could not be read from hMailAdmin.exe, fall
#     back to checking that hMailServer.exe itself is present. The value
#     stored in 'ver' on this path serves only as evidence that the binary
#     exists; the version then comes from the installer entry.
if (isnull(ver))
{
  exe = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\Bin\hMailServer.exe", string:path);

  fh = CreateFile(file:exe,
    desired_access:GENERIC_READ,
    file_attributes:FILE_ATTRIBUTE_NORMAL,
    share_mode:FILE_SHARE_READ,
    create_disposition:OPEN_EXISTING);

  if (!isnull(fh))
  {
    ver = GetFileVersion(handle:fh);
    CloseFile(handle:fh);
  }
}

# All SMB work is done; release the session before evaluating the result.
NetUseDel();

# Neither binary yielded anything: treat the product as not installed.
if (!ver)
  exit(0);
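# nb: A string of the form "<maj>.<min>[.<patch>]-<letter><build>" read from
#     the file version resource takes precedence. Anything else is ignored
#     and the installer's DisplayName (set earlier) is used instead.
if (ver && ereg(pattern:"^[0-9]+\.[0-9]+\.*[0-9]*-[A-Z][0-9]+$", string:ver)) hmail_version = ver;

# If hmail_version still carries the product name it came from the
# installer entry; strip the prefix so only the version remains.
if ("hMailServer" >< hmail_version)
  hmail_version = strstr(hmail_version,"hMailServer ") - "hMailServer "; # hMailServer 4.4.2-B279

# If we get the version ...
if (hmail_version)
{
  # Split "4.4.2-B279" into version "4.4.2" and build "279". ereg_replace()
  # hands back its input unchanged when the pattern does not match, so
  # has_build records whether 'build' really holds a build number.
  has_build = ereg(pattern:"^ *[0-9]\.[0-9]\.*[0-9]* *\-[A-Z][0-9]+", string:hmail_version);
  build   = ereg_replace(pattern:"^ *[0-9]\.[0-9]\.*[0-9]* *\-[A-Z]([0-9]+)", string:hmail_version, replace:"\1");
  version = ereg_replace(pattern:"^ *([0-9]\.[0-9]\.*[0-9]*) *\-[A-Z][0-9]+", string:hmail_version, replace:"\1");

  # Check the version number.
  # nb: 'version' no longer contains the "-B<build>" suffix at this point, so
  #     the 4.4.2 test has to match the bare version. The earlier pattern
  #     "^4.4.2-B" could never match, which left 4.4.2 builds below 279
  #     unreported.
  if ( (ereg(pattern:"^([0-3]\.|4\.([0-3]\.|4($|\.[0-1]|-)))", string:version)) ||                 # Flag 4.4.1 and earlier
       (has_build && ereg(pattern:"^4\.4\.2($|[^0-9])", string:version) && (int(build) < 279))     # Flag 4.4.2 builds below B279
     )
  {
    # 'port' is the SMB transport port here (it was reassigned when the
    # SMB session was set up), so the finding is attached to SMB, not IMAP.
    if (report_verbosity)
    {
      report = string(
        "\n",
        "hMailServer version ", hmail_version, " is installed on the remote host.\n"
      );
      security_warning(port:port, extra:report);
    }
    else
      security_warning(port);
  }
}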
{"id": "HMAILSERVER_REMOTE_DOS.NASL", "bulletinFamily": "scanner", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "description": "The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "published": "2008-08-16T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "reporter": "Tenable", "references": ["https://www.hmailserver.com/changelog", "https://www.securityfocus.com/archive/1/495361"], "cvelist": ["CVE-2008-3676"], "type": "nessus", "lastseen": "2019-02-21T01:11:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-01-16T20:08:31", "references": [{"idList": ["CVE-2008-3676"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310900109", "OPENVAS:900109"], "type": "openvas"}, {"idList": ["EDB-ID:32229"], "type": "exploitdb"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "bc58f30d079c3d46faa2fc6311d39abe107bcb56313d6287a41ed813b17d2a65", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "155983f556182899156e25b85cffba48", "key": "description"}, {"hash": "cc4c6397c8e27696235fe7ab54625a6d", "key": "sourceData"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "4929727331bd078e05bc297ea7bfa15f", "key": "references"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2019-01-16T20:08:31", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["https://www.hmailserver.com/changelog", "https://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": 
"#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.hmailserver.com/changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 46}, "differentElements": ["description"], "edition": 7, "lastseen": "2019-01-16T20:08:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d411ce048fcbf75f6c56983988e8a281badffe3ab5ac103890f1dd09bf730673", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "7d038137339a3717309f59863f44d2f7", "key": "sourceData"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "78fc0470990a54e9281872186c626a9d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2018-08-23T17:38:37", "modified": "2018-08-22T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["http://www.hmailserver.com/documentation/?page=changelog", "http://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.12\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n 
script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hmailserver.com/documentation/?page=changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 27}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-23T17:38:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "2fb1090b710dba1ac8545a391aa298d810f8879ff2d746cc7a112cd061feea00", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "ab0abb4ff494c22c3ce6c8366fd32692", "key": "sourceData"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "78fc0470990a54e9281872186c626a9d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2018-07-13T09:46:11", "modified": "2018-07-12T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["http://www.hmailserver.com/documentation/?page=changelog", "http://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.11\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n 
script_xref(name:\"OSVDB\", value:\"47459\");\n\n script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hmailserver.com/documentation/?page=changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if (!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", 
string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* 
*\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 26}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-07-13T09:46:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d411ce048fcbf75f6c56983988e8a281badffe3ab5ac103890f1dd09bf730673", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "7d038137339a3717309f59863f44d2f7", "key": "sourceData"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "78fc0470990a54e9281872186c626a9d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2018-09-01T23:42:00", "modified": "2018-08-22T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["http://www.hmailserver.com/documentation/?page=changelog", "http://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.12\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n 
script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hmailserver.com/documentation/?page=changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 37}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:42:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "222125460265cd1572368049830d0b98b2b291237a50c3a9137682b50a614aff", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "7d038137339a3717309f59863f44d2f7", "key": "sourceData"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "78fc0470990a54e9281872186c626a9d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2018-08-30T19:36:39", "modified": "2018-08-22T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["http://www.hmailserver.com/documentation/?page=changelog", "http://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.12\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n 
script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hmailserver.com/documentation/?page=changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 27}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:36:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ac98b1315d85fdcfebacb21b3c3b6a2f6bb2a97d678d77ffcaf24ef2e789f908", "hashmap": [{"hash": "2f98c4deb1f1fb7aa0a16013a9f5ee01", "key": "modified"}, {"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4cbbff86798f4f52af8352e52c790d40", "key": "sourceData"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "78fc0470990a54e9281872186c626a9d", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2016-09-26T17:24:10", "modified": "2016-05-11T00:00:00", "naslFamily": "Windows", "objectVersion": "1.2", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["http://www.hmailserver.com/documentation/?page=changelog", "http://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"$Revision: 1.10 $\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n 
script_xref(name:\"OSVDB\", value:\"47459\");\n\n script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.hmailserver.com/documentation/?page=changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"$Date: 2016/05/11 13:32:17 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if (!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", 
string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* 
*\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 21}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-3676"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such as 'CREATE' or 'RENAME', an authenticated user may be able to crash the remote mail server.", "edition": 6, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a8760d6f329b966d4141c5e3684e5179f4ea516f80ac818dbf9f1f238cc6340c", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "cc4c6397c8e27696235fe7ab54625a6d", "key": "sourceData"}, {"hash": "a0f2c291f44a631ce0ebf71f7e02b3b9", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "4929727331bd078e05bc297ea7bfa15f", "key": "references"}, {"hash": "95ec20e0187f757e642ed4c3c7b8966b", "key": "title"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "cdbafa38116655ef034cf00450f2cc7c", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "175f88926015af8905e1e7776d9ea17f", "key": "cvelist"}, {"hash": "377bbb7ec7a6c04f2993d0a70f966e37", "key": "published"}, {"hash": "51f77672b9b611fd4095ac85bd27ec98", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=33902", "id": "HMAILSERVER_REMOTE_DOS.NASL", "lastseen": "2018-11-16T16:56:21", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "33902", "published": "2008-08-16T00:00:00", "references": ["https://www.hmailserver.com/changelog", "https://www.securityfocus.com/archive/1/495361"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n script_name(english:\"hMailServer < 
4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. \n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.hmailserver.com/changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "title": "hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS", "type": "nessus", "viewCount": 41}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-11-16T16:56:21"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "175f88926015af8905e1e7776d9ea17f"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "cdbafa38116655ef034cf00450f2cc7c"}, {"key": "href", "hash": "51f77672b9b611fd4095ac85bd27ec98"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "aea23489ce3aa9b6406ebb28e0cda430"}, {"key": "pluginID", "hash": "a0f2c291f44a631ce0ebf71f7e02b3b9"}, {"key": "published", "hash": "377bbb7ec7a6c04f2993d0a70f966e37"}, {"key": "references", "hash": "4929727331bd078e05bc297ea7bfa15f"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "cc4c6397c8e27696235fe7ab54625a6d"}, {"key": "title", "hash": "95ec20e0187f757e642ed4c3c7b8966b"}, 
{"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "a8760d6f329b966d4141c5e3684e5179f4ea516f80ac818dbf9f1f238cc6340c", "viewCount": 46, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3676"]}, {"type": "exploitdb", "idList": ["EDB-ID:32229"]}, {"type": "openvas", "idList": ["OPENVAS:900109", "OPENVAS:1361412562310900109"]}], "modified": "2019-02-21T01:11:08"}, "score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33902);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n\n script_name(english:\"hMailServer < 4.4.2 build 279 IMAP Command Handling Remote DoS\");\n script_summary(english:\"Checks hMailServer version\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by a denial of\nservice vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running hMailServer, a mail server for Windows. 
\n\nBy sending large amounts of data along with certain IMAP commands such\nas 'CREATE' or 'RENAME', an authenticated user may be able to crash\nthe remote mail server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/495361\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.hmailserver.com/changelog\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to hMailServer 4.4.2-B279 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/08/16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"find_service1.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(\"Services/imap\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"imap_func.inc\");\ninclude(\"smb_func.inc\");\n\n# Make sure hMailServer's IMAP service is running.\nif (report_paranoia < 2)\n{\n port = get_kb_item(\"Services/imap\");\n if (!port) port = 143;\n if (!get_port_state(port)) exit(0);\n\n banner = get_imap_banner(port:port);\n if (banner && banner != '* OK IMAPrev1\\r\\n') exit(0);\n}\n\n# Figure out where the installer recorded information about it.\n# We will rely on this version later, if required.\n\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\n\ninstallstring = NULL;\nhmail_version = NULL;\n\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && \"hMailServer\" >< prod)\n {\n installstring = ereg_replace(pattern:\"^(SMB\\/Registry\\/HKLM\\/SOFTWARE\\/Microsoft\\/Windows\\/CurrentVersion\\/Uninstall\\/.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n hmail_version = prod;\n break;\n }\n}\n\n# Get the install path\n\nname = kb_smb_name();\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif (!get_port_state(port)) exit(0);\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\nkey = \"SOFTWARE\\hMailServer\";\npath = NULL;\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n # If hMailServer is installed..\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if 
(!isnull(item)) path = item[1];\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\n\nif (!path)\n{\n NetUseDel();\n exit(0);\n}\n\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\nexe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailAdmin.exe\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(file:exe, \n\tdesired_access:GENERIC_READ, \n\tfile_attributes:FILE_ATTRIBUTE_NORMAL, \n\tshare_mode:FILE_SHARE_READ, \n\tcreate_disposition:OPEN_EXISTING);\n\nver = NULL;\nif (!isnull(fh))\n{\n ret = GetFileVersionEx(handle:fh);\n if (!isnull(ret)) children = ret['Children'];\n\n stringfileinfo = children['StringFileInfo'];\n if (!isnull(stringfileinfo))\n {\n foreach key (keys(stringfileinfo))\n {\n data = stringfileinfo[key];\n if (!isnull(data))\n {\n ver = data['Comments'];\n break;\n }\n }\n }\t\n CloseFile(handle:fh);\n}\n\n# nb: We do a sanity check to ensure hMailServer.exe exists, \n# if we could not get version off FileVersion Comments.\n\t \nif(isnull(ver))\n{\n exe = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\Bin\\hMailServer.exe\", string:path);\n \n fh = CreateFile(file:exe,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING);\n\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n} \n\nNetUseDel();\n\n \nif(!ver) exit(0);\n\n# nb : We rely on the version obtained from FileVersion Comments.\n# However, if the version is not correct we \n# rely on installer entries for version info.\n\nif(ver && ereg(pattern:\"^[0-9]+\\.[0-9]+\\.*[0-9]*-[A-Z][0-9]+$\",string:ver)) hmail_version = ver;\n\n# If we come here hmail_version was probably not set by the \n# file version.\nif(\"hMailServer\" >< hmail_version)\nhmail_version = 
strstr(hmail_version,\"hMailServer \") - \"hMailServer \"; # hMailServer 4.4.2-B279\n\n# If we get the version ...\nif (hmail_version)\n{\n build \t= ereg_replace(pattern:\"^ *[0-9]\\.[0-9]\\.*[0-9]* *\\-[A-Z]([0-9]+)\",string:hmail_version,replace:\"\\1\");\n version = ereg_replace(pattern:\"^ *([0-9]\\.[0-9]\\.*[0-9]*) *\\-[A-Z][0-9]+\",string:hmail_version,replace:\"\\1\");\n\n # Check the version number.\n if ( (ereg(pattern:\"^([0-3]\\.|4\\.([0-3]\\.|4($|\\.[0-1]|-)))\",string:version)) || # Flag < 4.4.1\n (ereg(pattern:\"^4.4.2-B\",string:version) && (int(build) < 279 ))\t \t # Flag < 4.4.2-B279\n )\t\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"hMailServer version \", hmail_version, \" is installed on the remote host.\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n} \n", "naslFamily": "Windows", "pluginID": "33902", "cpe": [], "scheme": null}
{"cve": [{"lastseen": "2018-10-12T11:33:47", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.", "modified": "2018-10-11T16:49:23", "published": "2008-08-14T15:41:00", "id": "CVE-2008-3676", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3676", "title": "CVE-2008-3676", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T16:29:31", "bulletinFamily": "exploit", "description": "hMailServer 4.4.1 IMAP Command Remote Denial of Service Vulnerability. CVE-2008-3676. Dos exploit for windows platform", "modified": "2008-08-12T00:00:00", "published": "2008-08-12T00:00:00", "id": "EDB-ID:32229", "href": "https://www.exploit-db.com/exploits/32229/", "type": "exploitdb", "title": "hMailServer 4.4.1 IMAP Command Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/30663/info\r\n\r\nhMailServer is prone to a remote denial-of-service vulnerability caused by large numbers of certain IMAP commands.\r\n\r\nExploiting this issue will cause the server to crash and deny access to legitimate users.\r\n\r\nhMailServer 4.4.1 is vulnerable; other versions may also be affected.\r\n\r\nA01 CREATE AAAAA\r\nA02 CREATE AAAAAA\r\nA03 CREATE AAAAAAA\r\n...\r\nA97 RENAME AAAAA BBBBB\r\nA98 RENAME AAAAAA BBBBBB\r\nA100 RENAME AAAAAAA BBBBBBB ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32229/"}], "openvas": [{"lastseen": "2017-07-02T21:10:12", "bulletinFamily": "scanner", "description": "This host is running hMailServer, which is prone to\n Denial of Service vulnerability.", "modified": "2017-02-20T00:00:00", "published": "2008-08-22T00:00:00", "href": 
"http://plugins.openvas.org/nasl.php?oid=900109", "id": "OPENVAS:900109", "title": "hMailServer IMAP Denial of Service Vulnerability", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_hmailserver_imap_dos_vuln_900109.nasl 5370 2017-02-20 15:24:26Z cfi $\n# Description: hMailServer IMAP Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Exploitation will cause the server to crash and deny access\n to legitimate users.\n Impact Level : Application/System\";\n\ntag_solution = \"Fixed in development version 4.4.2 (build 279)\n http://www.hmailserver.com/?page=download_mirrors&downloadid=144\";\n\ntag_affected = \"hMailServer version 4.4.1 - Build 273 and prior\";\n\ntag_insight = \"The flaw is due to an error in the mail server that can be exploited \n by sending large numbers of IMAP commands.\";\n\n\ntag_summary = \"This host is running hMailServer, which is prone to\n Denial of Service vulnerability.\";\n\n\nif(description)\n{\n script_id(900109);\n script_version(\"$Revision: 5370 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Denial of Service\");\n script_name(\"hMailServer IMAP Denial of Service Vulnerability\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445, \"Services/imap\", 143);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/495361\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/31480/\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n include(\"imap_func.inc\");\n \n port = get_kb_item(\"Services/imap\");\n if(!port) {\n\tport = 143;\n }\n\n if(!get_port_state(port)) {\n\texit(0);\n }\n\n if(\"IMAP\" >!< get_imap_banner(port:port)){\n exit(0);\n }\n\n if(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n }\n\n hmsVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\"\n\t\t\t\t\t+ \"\\Uninstall\\hMailServer_is1\",\n\t\t\t item:\"DisplayName\");\n if(!hmsVer){\n\texit(0);\n } \n\n if(egrep(pattern:\"hMailServer ([0-3]\\..*|4\\.([0-3]\\..*|4\\.[01]))\", string:hmsVer)){\n\tsecurity_message(port);\n }\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, 
{"lastseen": "2018-11-30T21:33:52", "bulletinFamily": "scanner", "description": "This host is running hMailServer, which is prone to\n Denial of Service vulnerability.", "modified": "2018-11-30T00:00:00", "published": "2008-08-22T00:00:00", "id": "OPENVAS:1361412562310900109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900109", "title": "hMailServer IMAP Denial of Service Vulnerability", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_hmailserver_imap_dos_vuln_900109.nasl 12602 2018-11-30 14:36:58Z cfischer $\n# Description: hMailServer IMAP Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900109\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_cve_id(\"CVE-2008-3676\");\n script_bugtraq_id(30663);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_name(\"hMailServer IMAP Denial of Service Vulnerability\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/495361\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31480/\");\n script_xref(name:\"URL\", value:\"http://www.hmailserver.com/?page=download_mirrors&downloadid=144\");\n\n script_tag(name:\"summary\", value:\"This host is running hMailServer, which is prone to\n Denial of Service vulnerability.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in the mail server that can be exploited\n by sending large numbers of IMAP commands.\");\n\n script_tag(name:\"affected\", value:\"hMailServer version 4.4.1 - Build 273 and prior\");\n\n script_tag(name:\"solution\", value:\"Fixed in development version 4.4.2 (build 279).\");\n\n script_tag(name:\"impact\", value:\"Exploitation will cause 
the server to crash and deny access\n to legitimate users.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\hMailServer_is1\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nhmsVer = registry_get_sz(key:key, item:\"DisplayName\");\nif(!hmsVer){\n exit(0);\n}\n\nif(egrep(pattern:\"hMailServer ([0-3]\\..*|4\\.([0-3]\\..*|4\\.[01]))\", string:hmsVer)){\n report = report_fixed_ver(installed_version:hmsVer, fixed_version:\"4.4.2 (build 279)\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}