smtp-vuln-cve2011-1764
Script type:
portrule
Script categories:
intrusive, vuln
Script download: http://nmap.org/svn/scripts/smtp-vuln-cve2011-1764.nse
Checks for a format string vulnerability in the Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support (CVE-2011-1764). The DKIM logging mechanism did not use format string specifiers when logging some parts of the DKIM-Signature header field, so header text supplied by the sender was interpreted as a format string. A remote attacker who is able to send emails can exploit this vulnerability and execute arbitrary code with the privileges of the Exim daemon.
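The logging mistake described above, next to its corrected form, as an added example that is not taken from Exim or from the Nmap script. The names `log_write`, `log_header_unsafe`, `log_header_safe` and `contains_format_directive` are hypothetical, and the sample header text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log sink standing in for a daemon's logger.
 * It keeps the last formatted line so the result can be inspected. */
static char last_log[256];

static void log_write(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Weak pattern: untrusted header text is used as the format string itself,
 * so any '%' directive in it is interpreted by the formatter. */
const char *log_header_unsafe(const char *header_value)
{
    log_write(header_value);
    return last_log;
}

/* Corrected pattern: fixed format string, header text passed as data. */
const char *log_header_safe(const char *header_value)
{
    log_write("DKIM: %s", header_value);
    return last_log;
}

/* Review/triage helper: flags untrusted values that contain '%'. */
int contains_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    /* Constructed sample. "%%" consumes no arguments, so the unsafe call is
     * well defined here while still showing that the text gets interpreted. */
    const char *sample = "d=example.test; note=100%% constructed";
    printf("unsafe: %s\n", log_header_unsafe(sample));
    printf("safe:   %s\n", log_header_safe(sample));
    printf("flag:   %d\n", contains_format_directive(sample));
    return 0;
}
```

The unsafe logger collapses `%%` to `%`, which shows the header was parsed as a format; the safe logger records the bytes exactly as received.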
Reference:
Define the destination email address to be used.
Define the domain to be used in the SMTP EHLO command.
Define the source email address to be used.
Usage
nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 <host>
PORT   STATE SERVICE
25/tcp open  smtp
| smtp-vuln-cve2011-1764:
|   VULNERABLE:
|   Exim DKIM format string
|     State: VULNERABLE
|     IDs: CVE:CVE-2011-1764 OSVDB:72156
|     Risk factor: High CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|     Description:
|       Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified
|       Mail (DKIM) support is vulnerable to a format string. A remote attacker
|       who is able to send emails, can exploit this vulnerability and execute
|       arbitrary code with the privileges of the Exim daemon.
|     Disclosure date: 2011-04-29
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
|       http://osvdb.org/72156
|_      http://bugs.exim.org/show_bug.cgi?id=1106
Author: Djalal Harouni
License: Compiled by VER007 http://www.ver007.com