sendmail_expn.nasl
Three things:

(1)
sendmail_expn.nasl attempts to include the results of "EXPN root" and "VRFY root" in the warning message.

However, this is done with the named parameter "extra" to the function "security_warning". The function "security_warning" doesn't include a named parameter "extra". The warning message never includes the results of the "EXPN root" and "VRFY root" commands.

The output from the test should be concatenated onto the end of the description.

(2)
If the "EXPN root" command succeeds then sendmail_expn.nasl does not attempt the VRFY command. While it is likely that a mailer will support both commands or neither command, surely sendmail_expn.nasl should perform both checks.

(3)
Is the "VRFY random" used to detect if the mailer merely echoes all usernames back regardless of whether they are valid or not? This test doesn't seem to work. I have just tried it against a mailer and got
VRFY root
250 2.1.5 Super-User <root@mailer.target.com>
VRFY random7678
550 5.1.1 random7678.... User unknown
But sendmail_expn.nasl doesn't report a problem. Should the random check be just for a 250 response?


_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: sendmail_expn.nasl
On Feb 11, 2008, at 1:30 PM, Dennis Jackson wrote:

> sendmail_expn.nasl attempts to include the results of "EXPN root"
> and "VRFY root" in the warning message.
>
> However, this is done with the named parameter "extra" to the
> function "security_warning". The function "security_warning" doesn't
> include a named parameter "extra".

This works in Nessus 3.

> If the "EXPN root" command succeeds then sendmail_expn.nasl does not
> attempt the VRFY command. While it is likely that a mailer will
> support both commands or neither command, surely sendmail_expn.nasl
> should perform both checks.

Good point.

> Is the "VRFY random" used to detect if the mailer merely echoes all
> usernames back regardless of whether they are valid or not? This
> test doesn't seem to work. I have just tried it against a mailer and
> got
> VRFY root
> 250 2.1.5 Super-User <root@mailer.target.com>
> VRFY random7678
> 550 5.1.1 random7678.... User unknown
> But sendmail_expn.nasl doesn't report a problem. Should the random
> check be just for a 250 response?


We want to avoid flagging a server that responds like:

VRFY root -> 250 not implemented
VRFY random1496 -> 250 not implemented

or replace 250 with 550

I have committed some changes to try VRFY even if EXPN succeeds and to
additionally require the response codes differ. The updated plugin
should become available in the next couple of hours.


George
--
theall@tenablesecurity.com
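
The decision rule discussed in this thread, as an added example that is not part of the original messages or the plugin's own code: it is written in Python rather than NASL, works on reply text that has already been captured, and all function and variable names are hypothetical. It assumes a command is reported only when the known user gets a 250 and the random user gets a different code, and it evaluates VRFY regardless of the EXPN result.

```python
import re
from typing import Optional

# Final line of an SMTP reply: three digits then a space; "250-" marks a continuation.
_FINAL_LINE = re.compile(r"^(\d{3})(?: |$)")

def reply_code(reply: str) -> Optional[int]:
    """Return the status code of a (possibly multi-line) SMTP reply, or None."""
    for line in reply.splitlines():
        match = _FINAL_LINE.match(line.strip())
        if match:
            return int(match.group(1))
    return None

def discloses_users(known_reply: str, random_reply: str) -> bool:
    """Report only if the known user gets 250 and the random user gets another code."""
    known, rand = reply_code(known_reply), reply_code(random_reply)
    return known == 250 and rand is not None and rand != known

def commands_to_report(replies: dict) -> list:
    """replies maps (command, "known" | "random") to raw reply text."""
    # Evaluate VRFY even when EXPN already produced a finding.
    return [cmd for cmd in ("EXPN", "VRFY")
            if discloses_users(replies.get((cmd, "known"), ""),
                               replies.get((cmd, "random"), ""))]

# Constructed sample replies (the VRFY pair in ANSWERS is the one quoted in the thread).
ANSWERS = {
    ("EXPN", "known"): "250-2.1.5 <alice@mailer.example>\r\n250 2.1.5 <bob@mailer.example>",
    ("EXPN", "random"): "550 5.1.1 random7678... User unknown",
    ("VRFY", "known"): "250 2.1.5 Super-User <root@mailer.target.com>",
    ("VRFY", "random"): "550 5.1.1 random7678.... User unknown",
}
STUBBED = {  # same reply for every name, so nothing is learned
    ("EXPN", "known"): "250 not implemented",
    ("EXPN", "random"): "250 not implemented",
    ("VRFY", "known"): "250 not implemented",
    ("VRFY", "random"): "250 not implemented",
}
VRFY_ONLY = {  # EXPN refused for everyone, VRFY still distinguishes users
    ("EXPN", "known"): "502 5.5.1 Command not implemented",
    ("EXPN", "random"): "502 5.5.1 Command not implemented",
    ("VRFY", "known"): "250 2.1.5 Super-User <root@mailer.example>",
    ("VRFY", "random"): "550 5.1.1 random1496... User unknown",
}

if __name__ == "__main__":
    for name, sample in (("ANSWERS", ANSWERS), ("STUBBED", STUBBED), ("VRFY_ONLY", VRFY_ONLY)):
        print(name, commands_to_report(sample))
```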


