* [mdk-re] Nessus results @ 2001-06-22 12:21 Artem Pastuchov 2001-06-22 13:19 ` Dmitry V. Levin 0 siblings, 1 reply; 3+ messages in thread From: Artem Pastuchov @ 2001-06-22 12:21 UTC (permalink / raw) To: mandrake-russian Добрый день Я тут прошелся сабжем по свежепоставленному спрингу , и ему очень не понравился postfix : Vulnerability found on port smtp (25/tcp) The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: |testing This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary command on this host. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test, and instead will just drop the message silently ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CAN-1999-0163 [ back to the list of ports ] Vulnerability found on port smtp (25/tcp) The remote SMTP server did not complain when issued the command : MAIL FROM: |testing This probably means that it is possible to send mail that will be bounced to a program, which is a serious threat, since this allows anyone to execute arbitrary command on this host. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test, but instead just drop the message silently ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CAN-1999-0203 [ back to the list of ports ] Vulnerability found on port smtp (25/tcp) The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: /tmp/nessus_test This probably means that it is possible to send mail directly to files, which is a serious threat, since this allows anyone to overwrite any file on the remote server. NOTE : ** This security hole might be a false positive, since some MTAs will not complain to this test and will just drop the message silently. Check for the presence of file 'nessus_test' in /tmp ! ** Solution : upgrade your MTA or change it. Risk factor : High CVE : CVE-1999-0096 [ back to the list of ports ] Warning found on port smtp (25/tcp) The remote STMP server seems to allow remote users to send mail anonymously by providing a too long argument to the HELO command (more than 1024 chars). This problem may allow bad guys to send hate mail, or threatening mail using your server and keep their anonymity. Risk factor : Low. Solution : If you are using sendmail, upgrade to version 8.9.x. If you do not run sendmail, contact your vendor. CVE : CAN-1999-0098 Насколько это опасно ? P.s. В сегодняшнем bugtraq был найден баг fetchmail buffer owerflow ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [mdk-re] Nessus results 2001-06-22 12:21 [mdk-re] Nessus results Artem Pastuchov @ 2001-06-22 13:19 ` Dmitry V. Levin 2001-06-22 15:38 ` Artem K. Jouravsky 0 siblings, 1 reply; 3+ messages in thread From: Dmitry V. Levin @ 2001-06-22 13:19 UTC (permalink / raw) To: ALT Linux Spring mailing list [-- Attachment #1: Type: text/plain, Size: 3216 bytes --] Greetings! On Fri, Jun 22, 2001 at 12:29:24PM +0400, Artem Pastuchov wrote: > Я тут прошелся сабжем по свежепоставленному спрингу , > и ему очень не понравился postfix : <skip> > The remote SMTP server did not complain when issued the > command : > MAIL FROM: root@this_host > RCPT TO: |testing > > This probably means that it is possible to send mail directly > to programs, which is a serious threat, since this allows > anyone to execute arbitrary command on this host. > > NOTE : ** This security hole might be a false positive, since > some MTAs will not complain to this test, and instead will > just drop the message silently ** date server postfix/local[pid]: id: to=<|testing@server>, relay=local, delay=1, status=bounced (unknown user: "|testing") > The remote SMTP server did not complain when issued the > command : > MAIL FROM: |testing > > This probably means that it is possible to send mail > that will be bounced to a program, which is > a serious threat, since this allows anyone to execute > arbitrary command on this host. > > NOTE : ** This security hole might be a false positive, since > some MTAs will not complain to this test, but instead > just drop the message silently ** см. предыдущий лог. > The remote SMTP server did not complain when issued the > command : > MAIL FROM: root@this_host > RCPT TO: /tmp/nessus_test > > This probably means that it is possible to send mail directly > to files, which is a serious threat, since this allows > anyone to overwrite any file on the remote server. > > NOTE : ** This security hole might be a false positive, since > some MTAs will not complain to this test and will > just drop the message silently. Check for the presence > of file 'nessus_test' in /tmp ! ** date server postfix/local[pid]: id: to=</tmp/nessus_test@server>, relay=local, delay=1, status=bounced (unknown user: "/tmp/nessus_test") > The remote STMP server seems to allow remote users to > send mail anonymously by providing a too long argument > to the HELO command (more than 1024 chars). > > This problem may allow bad guys to send hate > mail, or threatening mail using your server > and keep their anonymity. > Насколько это опасно ? Resume: Неумение пользоваться security scaner'aми. Risk factor : High. Solution : Учиться, учиться, учиться, ... :) > P.s. > > В сегодняшнем bugtraq был найден баг > fetchmail buffer owerflow Последние сообщения в BUGTRAQ про fetchmail касались довольно старых версий, более старых, чем та, которая вошла в Spring. Впрочем, за последние 10 дней вышло уже 3 версии fetchmail, исправляющие разные buffer overrun'ы. Боюсь, что на этом история не закончилась. :( Так что проявляйте осторожность в использовании fetchmail. Никогда не запускайте его под рутом. Как только ситуация устаканится, будет обновление в updates. Regards, Dmitry +-------------------------------------------------------------------------+ Dmitry V. Levin mailto://ldv@alt-linux.org ALT Linux Team http://www.altlinux.ru/ Fandra Project http://www.fandra.org/ +-------------------------------------------------------------------------+ UNIX is user friendly. It's just very selective about who its friends are. [-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [mdk-re] Nessus results 2001-06-22 13:19 ` Dmitry V. Levin @ 2001-06-22 15:38 ` Artem K. Jouravsky 0 siblings, 0 replies; 3+ messages in thread From: Artem K. Jouravsky @ 2001-06-22 15:38 UTC (permalink / raw) To: mandrake-russian Здравствуйте, "Dmitry V. Levin" <ldv@alt-linux.org>! От Fri, 22 Jun 2001 13:31:46 +0400 вы писали на тему Re: [mdk-re] Nessus results: <skipped> DL> Последние сообщения в BUGTRAQ про fetchmail касались довольно старых DL> версий, более старых, чем та, которая вошла в Spring. Впрочем, за DL> последние 10 дней вышло уже 3 версии fetchmail, исправляющие разные DL> buffer overrun'ы. Боюсь, что на этом история не DL> закончилась. :( DL> Так что проявляйте осторожность в использовании fetchmail. DL> Никогда не запускайте его под рутом. DL> Как только ситуация устаканится, будет обновление в updates. А в списке секурити про это было или нет? Я понять не могу, то ли я так и не подписался на него то ли он просто молчаливый такой... ------ Best wishes, +----------------------+--------------------------+ | ."-. | Work: +7-(095)-229-4278 | | /X | _o.----. _ | ICQ: 103399444 | |/\_ \/ / __ \_// ) | Artem K. Jouravsky | |\__)-/_/\_____)____/ | http://www.ifirst.ru/ | +----------------------+--------------------------+ ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-06-22 15:38 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2001-06-22 12:21 [mdk-re] Nessus results Artem Pastuchov 2001-06-22 13:19 ` Dmitry V. Levin 2001-06-22 15:38 ` Artem K. Jouravsky
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git