Did you look at your logs at all to watch how qmail silently does nothing?
-----Original Message-----
From: Matt Simonsen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 3:25 PM
To: qmail@list.cr.yp.to
Subject: Nessus scan results
I got these from Nessus ... a scan of email.careercast.com, running Qmail
1.03. I have to believe they are all non-issues because I saw several
threads relating to the way Qmail handles pipes, but perhaps somebody out
there can confirm them all as false alarms. The last ones are probably the
ones that are the most worrisome out of all of them.
From Nessus:
The remote SMTP server did not complain when issued the
command :
MAIL FROM: root@this_host
RCPT TO: |testing
This probably means that it is possible to send mail directly
to programs, which is a serious threat, since this allows
anyone to execute arbitrary command on this host.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test, and instead will
just drop the message silently **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CAN-1999-0163
. Vulnerability found on port smtp (25/tcp) :
The remote SMTP server did not complain when issued the
command :
MAIL FROM: root@this_host
RCPT TO: /tmp/nessus_test
This probably means that it is possible to send mail directly
to files, which is a serious threat, since this allows
anyone to overwrite any file on the remote server.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test and will
just drop the message silently. Check for the presence
of file 'nessus_test' in /tmp ! **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CVE-1999-0096
. Vulnerability found on port smtp (25/tcp) :
The remote SMTP server did not complain when issued the
command :
MAIL FROM: |testing
This probably means that it is possible to send mail
that will be bounced to a program, which is
a serious threat, since this allows anyone to execute
arbitrary command on this host.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test, but instead
just drop the message silently **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CAN-1999-0203
. Vulnerability found on port smtp (25/tcp) :
There is a buffer overflow
when this MTA is issued the 'HELO' command
issued by a too long argument.
This problem may allow an attacker to
execute arbitrary code on this computer,
or to disable your ability to send or
receive emails.
Solution : contact your vendor for a
patch.
Risk factor : High
CVE : CAN-1999-0284
. Vulnerability found on port smtp (25/tcp) :
It was possible to perform
a denial of service against the remote
Interscan SMTP server by sending it a special long HELO command.
This problem allows a cracker to prevent
your Interscan SMTP server from handling requests.
Solution : contact your vendor for a patch.
Risk factor :
Serious
. Vulnerability found on port smtp (25/tcp) :
There is a buffer overflow
when this MTA is issued the 'HELO' command
issued by a too long argument (12,000 chars)
This problem may allow an attacker to
execute arbitrary code on this computer,
or to disable your ability to send or
receive emails.
Solution : contact your vendor for a
patch.
Risk factor : High
CVE : CAN-2000-0042
. Vulnerability found on port smtp (25/tcp) :
There seem to be a buffer overflow in the remote SMTP server
when the server is issued a too long argument to the 'MAIL FROM'
command, like :
MAIL FROM: AAA[...][EMAIL PROTECTED]
Where AAA[...]AAA contains more than 8000 'A's.
This problem may allow a cracker to prevent this host
to act as a mail host and may even allow him to execute
arbitrary code on this sytem.
Solution : Contact your vendor for a patch
Risk factor :
High
. Warning found on port smtp (25/tcp)
There is a problem in NTMail3, which allows anyone to
use it as a mail relay, provided that the source adress is set to '<>'.
This problem allows any spammer to use your mail server to spam the
world, thus blacklisting your mailserver, and using your network
resources.
Risk factor : Medium.
Solution : There are no solution provided by the author of NTMail,
so you might want to change mail servers
CVE : CAN-1999-0819
. Information found on port smtp (25/tcp)