hi davide,
i recently ran a nessus (www.nessus.org) test against my xmail
machines... the following was discovered - dunno if you trust the tests
performed. (please notice that there are some duplicate messages
due to the way i ran nessus (enabled all plugins)).
nevertheless i did a second nessus run with only the xmail test
module enabled (see apop/auth/user issue below) and 2 smtp tests
which deal with the helo issue... i got the same results (albeit 1 of the
vulnerabilities found each, not 4 :)
could you please tell me your opinion on this davide ? i confess i do
not live very well with those results in mind.... if you need some info
about nessus (in case you never used it) i'll try to provide you with it...
thanks!
. Vulnerability found on port smtp (25/tcp) :
There is a buffer overflow
when this MTA is issued the 'HELO' command
issued by a too long argument.
This problem may allow an attacker to
execute arbitrary code on this computer,
or to disable your ability to send or
receive emails.
Solution : contact your vendor for a
patch.
Risk factor : High
. Vulnerability found on port smtp (25/tcp) :
There seem to be a buffer overflow in the remote SMTP server
when the server is issued a too long argument to the 'MAIL FROM'
command.
This problem may allow a cracker to prevent this host
to act as a mail host and may even allow him to execute
arbitrary code on this sytem.
Solution : If you are using TFS SMTP, upgrade to version 4.0.
If you do not, then inform your vendor of this vulnerability
and wait for a patch.
Risk factor : High
CVE : CAN-1999-1516
. Vulnerability found on port smtp (25/tcp) :
There is a buffer overflow
when this MTA is issued the 'HELO' command
issued by a too long argument.
This problem may allow an attacker to
execute arbitrary code on this computer,
or to disable your ability to send or
receive emails.
Solution : contact your vendor for a
patch.
Risk factor : High
CVE : CAN-1999-0284
. Vulnerability found on port smtp (25/tcp) :
It was possible to perform
a denial of service against the remote
Interscan SMTP server by sending it a special long HELO
command.
This problem allows a cracker to prevent
your Interscan SMTP server from handling requests.
Solution : contact your vendor for a patch.
Risk factor : Serious
. Vulnerability found on port smtp (25/tcp) :
There is a buffer overflow
when this MTA is issued the 'HELO' command
issued by a too long argument (12,000 chars)
This problem may allow an attacker to
execute arbitrary code on this computer,
or to disable your ability to send or
receive emails.
Solution : contact your vendor for a
patch.
Risk factor : High
CVE : CAN-2000-0042
. Vulnerability found on port smtp (25/tcp) :
There seem to be a buffer overflow in the remote SMTP server
when the server is issued a too long argument to the 'MAIL FROM'
command, like :
MAIL FROM: AAA[...][EMAIL PROTECTED]
Where AAA[...]AAA contains more than 8000 'A's.
This problem may allow a cracker to prevent this host
to act as a mail host and may even allow him to execute
arbitrary code on this sytem.
Solution : Contact your vendor for a patch
Risk factor : High
. Vulnerability found on port pop3 (110/tcp) :
There is a bug in some versions of qpopper which
allow a remote user to become root using a buffer overflow.
Solution : upgrade
to the latest version.
Risk factor : High
CVE : CVE-1999-0006
. Vulnerability found on port pop3 (110/tcp) :
The remote POP3 server seems
to be subject to a buffer overflow when it receives
two too long arguments to the APOP command.
This problem may allow an attacker to disable this
pop server or to execute arbitrary code on this
host.
Solution : Contact your vendor for a patch
Risk factor : High
CVE : CAN-2000-0841
. Vulnerability found on port pop3 (110/tcp) :
The remote pop3 server is vulnerable to a buffer
overflow when issued a very long command.
This *may* allow an attacker to execute arbitrary commands
as root on the remote POP3 server.
Solution : contact your vendor, inform it of this
vulnerability, and ask for a patch
Risk factor : High
. Vulnerability found on port pop3 (110/tcp) :
The remote pop3 server is vulnerable to a buffer
overflow when issued a very long user name
(10,000 chars)
This *may* allow an attacker to execute arbitrary commands
as root on the remote POP3 server.
Solution : contact your vendor, inform it of this
vulnerability, and ask for a patch
Risk factor : High
CVE : CAN-2000-0060
. Vulnerability found on port pop3 (110/tcp) :
There is a vulnerability in the QPopper 3.0b package that
allows users with a valid account to gain a shell on the system
Solution : Use another pop server
Risk factor : Medium
CVE : CAN-2000-0096
. Vulnerability found on port pop3 (110/tcp) :
The remote POP3 server seems
to be subject to a buffer overflow when
it is issued at least one of these commands,
with a too long argument :
auth
user
pass
This problem may allow a cracker to execute
arbitrary code on the remote system, thus
giving him a root shell.
Solution : disable your POP3 server in /etc/inetd.conf
if you don't use it, or upgrade it to a more secure
version.
Risk factor : High