Mailing List Archive

SMTP Relay Diffs
Hi,

I added a check for the Microsoft AUTH relaying bypass.
If someone spots a problem please let me know.

Index: smtp_relay.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/smtp_relay.nasl,v
retrieving revision 1.14
diff -r1.14 smtp_relay.nasl
83,86c83,104
< if(i == "250 "){
< security_warning(port);
< set_kb_item(name:"SMTP/spam", value:TRUE);
< }
---
> if(i == "250 ")
> {
> security_warning(port);
> set_kb_item(name:"SMTP/spam", value:TRUE);
> }
> else
> {
> crp = string("AUTH NTLM <etc, etc>\r\n");
> send(socket:soc, data:crp);
> i = recv_line(socket:soc, length:4);
> if (i == "334 ")
> {
> crp = string("RCPT TO: test_2@nessus.org\r\n");
> send(socket:soc, data:crp);
> i = recv_line(socket:soc, length:4);
> if(i == "250 ")
> {
> security_warning(port);
> set_kb_item(name:"SMTP/spam", value:TRUE);
> }
> }
> }
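Review bot: In the new else branch, `crp = string("AUTH NTLM <etc, etc>\r\n");` still carries the `<etc, etc>` placeholder, so the plugin would send that literal text and the "334 " test that follows depends on how a server handles that literal argument. Replace it with the exact AUTH line the check is meant to send before this is committed, and add a comment saying why a RCPT TO is issued in the middle of an AUTH exchange.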
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
Re: SMTP Relay Diffs
Hi

Can't SMTP relay also be "patched" on non-Exchange?
It can be easily made into a different plugin, but it could also cause other
servers to be detected as problematic.

Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "H D Moore" <hdm@digitaloffense.net>
To: "Noam Rathaus" <noamr@beyondsecurity.com>; "Nessus Plugin Mailing List"
<plugins-writers@list.nessus.org>
Sent: Monday, March 04, 2002 02:53
Subject: Re: SMTP Relay Diffs


> Shouldn't this be put into a separate plugin, as it addresses a specific
> problem with a particular service and can be patched (as opposed to a
> misconfigured SMTP server which allows relays)?
>
>
> On Sunday 03 March 2002 02:49 am, Noam Rathaus wrote:
> > Hi,
> >
> > I added a check for the Microsoft AUTH relaying bypass.
> > If someone spots a problem please let me know.
> >
> > Index: smtp_relay.nasl
> > ===================================================================
> > RCS file: /usr/local/cvs/nessus-plugins/scripts/smtp_relay.nasl,v
> > retrieving revision 1.14
> > diff -r1.14 smtp_relay.nasl
> > 83,86c83,104
> > < if(i == "250 "){
> > < security_warning(port);
> > < set_kb_item(name:"SMTP/spam", value:TRUE);
> > < }
> > ---
> >
> > > if(i == "250 ")
> > > {
> > > security_warning(port);
> > > set_kb_item(name:"SMTP/spam", value:TRUE);
> > > }
> > > else
> > > {
> > > crp = string("AUTH NTLM <etc, etc>\r\n");
> > > send(socket:soc, data:crp);
> > > i = recv_line(socket:soc, length:4);
> > > if (i == "334 ")
> > > {
> > > crp = string("RCPT TO: test_2@nessus.org\r\n");
> > > send(socket:soc, data:crp);
> > > i = recv_line(socket:soc, length:4);
> > > if(i == "250 ")
> > > {
> > > security_warning(port);
> > > set_kb_item(name:"SMTP/spam", value:TRUE);
> > > }
> > > }
> > > }
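Review bot: The `else` taken when `i` is not "250 " also runs when the first read returned nothing at all (timeout or closed connection), and the AUTH line is then sent without knowing the server is still answering. Check that `i` is non-empty before sending AUTH. Both new `recv_line(socket:soc, length:4)` calls also ask for only 4 bytes of each reply; please confirm the rest of the "334 " line cannot be returned by the second read in place of the RCPT TO response, or read the full line and compare its first 4 characters.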
> >
> > Thanks
> > Noam Rathaus
> > CTO
> > Beyond Security Ltd
> > http://www.SecurITeam.com
> > http://www.BeyondSecurity.com
>
Re: SMTP Relay Diffs
Shouldn't this be put into a separate plugin, as it addresses a specific
problem with a particular service and can be patched (as opposed to a
misconfigured SMTP server which allows relays)?


On Sunday 03 March 2002 02:49 am, Noam Rathaus wrote:
> Hi,
>
> I added a check for the Microsoft AUTH relaying bypass.
> If someone spots a problem please let me know.
>
> Index: smtp_relay.nasl
> ===================================================================
> RCS file: /usr/local/cvs/nessus-plugins/scripts/smtp_relay.nasl,v
> retrieving revision 1.14
> diff -r1.14 smtp_relay.nasl
> 83,86c83,104
> < if(i == "250 "){
> < security_warning(port);
> < set_kb_item(name:"SMTP/spam", value:TRUE);
> < }
> ---
>
> > if(i == "250 ")
> > {
> > security_warning(port);
> > set_kb_item(name:"SMTP/spam", value:TRUE);
> > }
> > else
> > {
> > crp = string("AUTH NTLM <etc, etc>\r\n");
> > send(socket:soc, data:crp);
> > i = recv_line(socket:soc, length:4);
> > if (i == "334 ")
> > {
> > crp = string("RCPT TO: test_2@nessus.org\r\n");
> > send(socket:soc, data:crp);
> > i = recv_line(socket:soc, length:4);
> > if(i == "250 ")
> > {
> > security_warning(port);
> > set_kb_item(name:"SMTP/spam", value:TRUE);
> > }
> > }
> > }
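Review bot: The branch reached after "334 " ends in the same `security_warning(port);` and `set_kb_item(name:"SMTP/spam", value:TRUE);` as the plain open-relay case, so a report cannot tell a misconfigured relay from the AUTH bypass, and the thread already notes that one is a configuration issue and the other is fixed by a patch. Give this branch its own report text and KB item, or move it to its own plugin as suggested in this thread.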
>
> Thanks
> Noam Rathaus
> CTO
> Beyond Security Ltd
> http://www.SecurITeam.com
> http://www.BeyondSecurity.com