Hi,
Some host respond with a "250 User ok" for any given user, this patch will
try and detect it.
Index: sendmail_expn.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
retrieving revision 1.21
diff -r1.21 sendmail_expn.nasl
115d114
<
117,118c116,120
<
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
> s = string("EXPN random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
132c134,139
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
>
> s = string("VRFY random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv_line(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
139a147
>
Thanks
Noam Rathaus
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
Some host respond with a "250 User ok" for any given user, this patch will
try and detect it.
Index: sendmail_expn.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
retrieving revision 1.21
diff -r1.21 sendmail_expn.nasl
115d114
<
117,118c116,120
<
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
> s = string("EXPN random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
132c134,139
< if(ereg(string:r, pattern:"^(250|550).*$"))
---
>
> s = string("VRFY random_user", rand(), "\r\n");
> send(socket:soc, data:s);
> r2 = recv_line(socket:soc, length:1024);
>
> if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
pattern:"^(250|550).*$")))
139a147
>
Thanks
Noam Rathaus
http://www.BeyondSecurity.com
http://www.SecuriTeam.com