Sendmail < 8.13.5 race condition remote detect?
I've seen local check nasl(s) for CVE 2006-0058, but have not seen a
remote detect nasl. Is there any effort with this? I have only found
the original PoC code, but the author, jack@rapturesecurity.org states
it does not really work well. Is there a working exploit available and
is it safe or does it crash the service?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Sendmail < 8.13.5 race condition remote detect?
On Apr 25, 2006, at 6:33 PM, Flickema, Drew W. wrote:

>
> I've seen local check nasl(s) for CVE 2006-0058, but have not seen a
> remote detect nasl. Is there any effort with this? I have only found
> the original PoC code, but the author, jack@rapturesecurity.org states
> it does not really work well. Is there a working exploit available and
> is it safe or does it crash the service?

It is possible to distinguish a patched and unpatched server, however
the default timeout for this operation on many sendmail servers is
set to 3600 seconds, which makes such a plugin impractical. Also, a
banner check definitely is out of the question since every vendor
backported the fixes (and compiling sendmail is no fun).

The Tenable Passive Vulnerability Scanner has a plugin for this flaw
-- one of the advantages of being passive is that you're never really
time-constrained.


-- Renaud
Re: Sendmail < 8.13.5 race condition remote detect?
On 4/26/06, Renaud Deraison <deraison@nessus.org> wrote:
>
> It is possible to distinguish a patched and unpatched server, however
> the default timeout for this operation on many sendmail servers is
> set to 3600 seconds, which makes such a plugin impractical. Also, a
> banner check definitely is out of the question since every vendor
> backported the fixes (and compiling sendmail is no fun).
>

According to the Sun Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1:

"The Solaris 9 and 10 patches which address this issue will update
sendmail directly to version 8.13.6+Sun"

That would seem to make a banner check worthwhile.
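The thread ends with two competing views on banner checks: vendors that backport the fix leave the version untouched, while Sun's patches move the advertised version to 8.13.6+Sun. The following banner parser is an added example, not code from the list or from Nessus; the banners are constructed, and treating only the "+Sun" suffix as a reliable version signal is an assumption drawn from the Sun advisory quoted above.

```python
import re

# Constructed sample SMTP greeting banners (not captured from any real host).
SAMPLE_BANNERS = {
    "unpatched": "220 mail.example.test ESMTP Sendmail 8.13.4/8.13.4; Tue, 25 Apr 2006 18:33:00 -0400",
    "sun_patched": "220 mail.example.test ESMTP Sendmail 8.13.6+Sun/8.13.6; Wed, 26 Apr 2006 09:00:00 -0400",
    "no_version": "220 mail.example.test ESMTP ready",
}

# The race condition (CVE-2006-0058) is fixed in sendmail 8.13.5 and later.
FIXED_IN = (8, 13, 5)

# Vendor suffixes for which the advertised version tracks the fix.  Per the
# Sun advisory, Solaris patches bump the version to 8.13.6+Sun; other vendors
# backport without changing the version (assumption: only Sun is listed).
VERSION_TRACKS_FIX = {"+Sun"}

_BANNER_RE = re.compile(r"Sendmail\s+(\d+)\.(\d+)\.(\d+)([+\-][A-Za-z0-9_.]+)?")


def parse_sendmail_version(banner):
    """Return ((major, minor, patch), vendor_suffix) or None if no version is advertised."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    version = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    return version, suffix


def assess_banner(banner):
    """Classify a banner for the pre-8.13.5 race condition.

    status:          'vulnerable' (version below 8.13.5), 'patched' or 'unknown'.
    banner_reliable: True only when the vendor suffix is known to move the version
                     with the fix; otherwise a 'vulnerable' result is a lead to
                     confirm with a local check, since backports keep the old banner.
    """
    parsed = parse_sendmail_version(banner)
    if parsed is None:
        return {"status": "unknown", "banner_reliable": False}
    version, suffix = parsed
    status = "vulnerable" if version < FIXED_IN else "patched"
    return {"status": status, "banner_reliable": suffix in VERSION_TRACKS_FIX}


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, assess_banner(banner))
```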