[mdk-re] Nessus results

[Artem Pastuchov]

Добрый день

Я тут прошелся сабжем по свежепоставленному спрингу ,
и ему очень не понравился postfix :

Vulnerability found on port smtp (25/tcp)



The remote SMTP server did not complain when issued the
command :
 MAIL FROM: root на this_host
 RCPT TO: |testing

This probably means that it is possible to send mail directly
to programs, which is a serious threat, since this allows
anyone to execute arbitrary command on this host.

NOTE : ** This security hole might be a false positive, since
 some MTAs will not complain to this test, and instead will
 just drop the message silently **

Solution : upgrade your MTA or change it.

Risk factor : High
CVE : CAN-1999-0163


[ back to the list of ports ]

Vulnerability found on port smtp (25/tcp)



The remote SMTP server did not complain when issued the
command :
 MAIL FROM: |testing

This probably means that it is possible to send mail 
that will be bounced to a program, which is 
a serious threat, since this allows anyone to execute 
arbitrary command on this host.

NOTE : ** This security hole might be a false positive, since
 some MTAs will not complain to this test, but instead
 just drop the message silently **

Solution : upgrade your MTA or change it.

Risk factor : High
CVE : CAN-1999-0203


[ back to the list of ports ]

Vulnerability found on port smtp (25/tcp)



The remote SMTP server did not complain when issued the
command :
 MAIL FROM: root на this_host
 RCPT TO: /tmp/nessus_test

This probably means that it is possible to send mail directly
to files, which is a serious threat, since this allows
anyone to overwrite any file on the remote server.

NOTE : ** This security hole might be a false positive, since
 some MTAs will not complain to this test and will
 just drop the message silently. Check for the presence
 of file 'nessus_test' in /tmp ! **

Solution : upgrade your MTA or change it.

Risk factor : High
CVE : CVE-1999-0096


[ back to the list of ports ]

Warning found on port smtp (25/tcp)




The remote STMP server seems to allow remote users to
send mail anonymously by providing a too long argument
to the HELO command (more than 1024 chars).

This problem may allow bad guys to send hate
mail, or threatening mail using your server
and keep their anonymity.

Risk factor : Low.

Solution : If you are using sendmail, upgrade to
version 8.9.x. If you do not run sendmail, contact
your vendor.
CVE : CAN-1999-0098

Насколько это опасно ?


P.s.

В сегодняшнем bugtraq был найден баг 
fetchmail buffer owerflow