nessusThis script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.SENDMAIL_DEBUG.NASL
HistoryAug 22, 1999 - 12:00 a.m.

Sendmail DEBUG/WIZ Remote Command Execution

1999-08-22 00:00:00
This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

Your MTA accepts the DEBUG or WIZ command. It may be an old version of Sendmail.

Either command is dangerous because it allows remote users to execute arbitrary commands as root without the need to log in.

#
# (C) Tenable Network Security, Inc.
#

# MA 2004-12-29: I merged sendmail_wiz.nasl into this one

include("compat.inc");

# Registration branch: when `description` is set the script only declares its
# metadata and then exits (exit(0) below) without contacting any target.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(10247);
  script_version("1.32");
  script_cvs_date("Date: 2018/09/17 21:46:53");

  # Public identifiers this check is mapped to.
  script_cve_id("CVE-1999-0095", "CVE-1999-0145");
  script_bugtraq_id(1, 2897);

  script_name(english:"Sendmail DEBUG/WIZ Remote Command Execution");
  script_summary(english:"Checks for the presence of DEBUG or WIZ commands");

  # Text shown to the analyst in the finding.
  script_set_attribute(attribute:"synopsis", value:"Arbitrary commands may be run on this server.");
  script_set_attribute(attribute:"description", value:
"Your MTA accepts the DEBUG or WIZ command. It may be an old version
of Sendmail.

This command is dangerous as it allows remote users to execute
arbitrary commands as root without the need to log in.");
  script_set_attribute(attribute:"solution", value:"Upgrade your MTA.");
  # Severity: both the CVSS v2 and v3.0 base vectors describe a network-reachable,
  # low-complexity issue needing no authentication/privileges, with complete/high
  # impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  # The score is attributed to CVE-1999-0095, the first of the two CVEs above.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-0095");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # The issue was published in 1983; the plugin itself was published in 1999.
  script_set_attribute(attribute:"vuln_publication_date", value:"1983/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"1999/08/22");

  # "remote": the check is performed over the network, not with local credentials.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
  script_end_attributes();

  # Registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english: "SMTP problems");

  # Scheduled after sendmail_detect.nbin and only when the installed_sw/Sendmail
  # key exists (presumably written by that detection plugin; confirm there).
  script_dependencies("sendmail_detect.nbin");
  script_require_keys("installed_sw/Sendmail");
  exit(0);
}

include("vcf.inc");
include("smtp_func.inc");

# Look up the Sendmail instance recorded for this host and take the port it
# was found on.
app_info = vcf::get_app_info(app:"Sendmail");
port = app_info['port'];

# Stop with an audit trail entry if the port is not open.
if (!get_port_state(port))
{
  audit(AUDIT_PORT_CLOSED, port);
}

# Stop likewise if the TCP connection cannot be established.
soc = open_sock_tcp(port);
if (!soc)
{
  audit(AUDIT_SOCK_FAIL, port);
}

# The SMTP greeting has to be consumed before any verb is sent; if none
# arrives, release the socket and stop.
if (!smtp_recv_banner(socket:soc))
{
  close(soc);
  audit(AUDIT_NO_BANNER, port);
}

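# SMTP verbs probed by this check. Only the bare verbs are sent and one reply
# line is read for each; the check does not try to run anything on the target.
reqs = make_list('DEBUG\r\n', 'WIZ\r\n');
rep_report = '';
vuln = FALSE;

foreach req (reqs)
{
  send(socket:soc, data:req);

  # A positive completion reply (2xx followed by a space or tab) means the MTA
  # accepted the verb. A missing reply (NULL) is treated as "not accepted".
  # NOTE(review): only the first reply line is read, so a multi-line reply
  # ("2xx-...") does not match and its remaining lines are not drained; confirm
  # this cannot desynchronise the second probe.
  rep = recv_line(socket:soc, length:1024);
  if (!isnull(rep) && rep =~ '^2[0-9][0-9][ \t]')
  {
    # Record the finding. Previously the flag was never set, so the plugin
    # always audited out as "not vulnerable" even when a verb was accepted,
    # giving a false negative on exposed hosts.
    vuln = TRUE;
    rep_report += rep;
  }
  # One separator per probe keeps the replies aligned with the order of reqs.
  rep_report += '\n=================================================\n';
}
close(soc);

# Report with the probes and the accepted replies as evidence, or leave an
# audit trail entry stating that the detected version is not affected.
if (vuln)
  security_report_v4(port:port, severity:SECURITY_HOLE, request:reqs, output:rep_report);
else audit(AUDIT_INST_VER_NOT_VULN, "Sendmail", app_info['version']);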
Vendor | Product | Version | CPE
sendmail | sendmail | | cpe:/a:sendmail:sendmail