File `smtp-vuln-cve2011-1764`

脚本使用类型: portrule
脚本所属分类: intrusive, vuln
脚本下载地址: http://nmap.org/svn/scripts/smtp-vuln-cve2011-1764.nse

User Summary

Checks for a format string vulnerability in the Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified Mail (DKIM) support (CVE-2011-1764). The DKIM logging mechanism did not use format string specifiers when logging some parts of the DKIM-Signature header field. A remote attacker who is able to send emails, can exploit this vulnerability and execute arbitrary code with the privileges of the Exim daemon.

Reference:

Script Arguments

smtp-vuln-cve2011-1764.mailto

Define the destination email address to be used.

smtp.domain

Define the domain to be used in the SMTP EHLO command.

smtp-vuln-cve2011-1764.mailfrom

Define the source email address to be used.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

Example Usage

执行格式

nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 <host>

Script Output

PORT   STATE SERVICE
25/tcp open  smtp
| smtp-vuln-cve2011-1764: 
|   VULNERABLE:
|   Exim DKIM format string
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-1764  OSVDB:72156
|     Risk factor: High  CVSSv2: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
|     Description:
|       Exim SMTP server (version 4.70 through 4.75) with DomainKeys Identified
|       Mail (DKIM) support is vulnerable to a format string. A remote attacker
|       who is able to send emails, can exploit this vulnerability and execute
|       arbitrary code with the privileges of the Exim daemon.
|     Disclosure date: 2011-04-29
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764
|       http://osvdb.org/72156
|_      http://bugs.exim.org/show_bug.cgi?id=1106

Requires

Author: Djalal Harouni

License: VER007 整理 http://www.ver007.com

File smtp-vuln-cve2011-1764