
Bug in sendmail_dns_map_txt_overflow.nasl?
There seems to be a bug in this plugin (plugin id = 11232). Here's a
python session demonstrating against a banner that incorrectly matches.

"""
>>> re.search('sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|
[0-7]\.[0-9]*\.[0-9]*)/', 'ESMTP Sendmail 8.13.6.20060614/8.13.1;
Thu, 13 Jul 2006 18:40:23 -0400', re.I).groups()
('3.6.20060614', None)
>>> re.search('sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.
[0-4])|[0-7]\.[0-9]*\.[0-9]*)', 'ESMTP Sendmail
8.13.6.20060614/8.13.1; Thu, 13 Jul 2006 18:40:23 -0400', re.I)
>>>
"""

Changing 'sendmail.*' to 'sendmail +' should make sure the first part
of the banner's version number is matched. There's also a \. missing
in the 8.[0-9] version checks. A nit, but why try to match all the
way up to the '/'? I'd change the whole thing from:

sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)/
to:
sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)


Best regards,
Erik
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
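As an added illustration (not code from the thread or from the plugin), the following Python snippet runs both patterns quoted in the report against the banner above and three constructed banners, returning what the version alternation captured in each case. It also goes one step beyond the report: because the revised pattern drops the trailing '/', the `12\.[0-4]` branch can match the first digit of a two-digit patch level such as 8.12.10, so the constructed banners are chosen to show that edge as well.

```python
import re

# Pattern quoted in the report (before the fix). The greedy '.*' after
# 'sendmail' can swallow the leading digits of the version field, and the
# alternation has to end right before the '/'.
ORIGINAL = re.compile(
    r'sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)/',
    re.I)

# Pattern proposed in the report: ' +' pins the match to the first version
# field, '[0-9]\.' requires a dot after a single-digit minor, and the
# trailing '/' requirement is dropped.
FIXED = re.compile(
    r'sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)',
    re.I)


def version_match(pattern, banner):
    """Return the text captured by the version alternation, or None."""
    m = pattern.search(banner)
    return m.group(1) if m else None


# Constructed banners for the comparison; only 'page' is taken from the report.
BANNERS = {
    'page':       'ESMTP Sendmail 8.13.6.20060614/8.13.1; Thu, 13 Jul 2006 18:40:23 -0400',
    'old_8_12_4': 'ESMTP Sendmail 8.12.4/8.12.4; Thu, 13 Jul 2006 18:40:23 -0400',
    'new_8_12_5': 'ESMTP Sendmail 8.12.5/8.12.5; Thu, 13 Jul 2006 18:40:23 -0400',
    'two_digit':  'ESMTP Sendmail 8.12.10/8.12.10; Thu, 13 Jul 2006 18:40:23 -0400',
}


def compare(banners=BANNERS):
    """Map each banner label to (original capture, fixed capture)."""
    return {label: (version_match(ORIGINAL, b), version_match(FIXED, b))
            for label, b in banners.items()}


if __name__ == '__main__':
    for label, (old, new) in compare().items():
        print(f'{label:11s} original={old!r:18s} fixed={new!r}')
```

On the banner from the report the original pattern captures '3.6.20060614' while the fixed one does not match; on the 8.12.10 banner the situation is reversed, which is the residual edge a plugin author would want to check.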
Re: Bug in sendmail_dns_map_txt_overflow.nasl?
On Thu, Jul 13, 2006 at 04:07:34PM -0700, Erik Stephens wrote:

> There seems to be a bug in this plugin (plugin id = 11232).
..
> sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)/
>
> to:
> sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)

Thanks, I've just applied the fix. Let me know if you run into any other
issues like this.

George
--
theall@tenablesecurity.com