Re: sendmail_expn Patch

From: Noam Rathaus (noamrat_private)
Date: Sat Feb 09 2002 - 13:21:33 PST

Next message: Michel Arboi: "whisker plugin is insecure"

Previous message: Michael Scheidell: "Re: sendmail_expn Patch"
In reply to: Michael Scheidell: "Re: sendmail_expn Patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Yes this would be a better patch, Renaud can you please patch the
appropriate file for us? (Replace the "550" with "502"|"550")

Thanks
Noam Rathaus
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

----- Original Message -----
From: "Michael Scheidell" <scheidellat_private>
To: "Noam Rathaus" <noamrat_private>; "Nessus Plugins Writers"
<plugins-writersat_private>
Sent: Saturday, February 09, 2002 15:43
Subject: Re: sendmail_expn Patch


> I also find a sendmail host that replies 502 and not 550:
> 220 cob342.netlimited.net ESMTP Sendmail 8.10.2/8.10.2; Sat, 9 Feb 2002
> 03:59:12 -0800
> 250 cob342.netlimited.net Hello mail.fdma.com [216.241.67.73], pleased to
> meet you
> 502 5.7.0 Sorry, we do not allow this operation
> quit
>
> manbe this patch should reflect the beginning '5' and not look for 550?
> maybe 550 and 502?
>
> Michael Scheidell
> SECNAP Network Security, LLC
> (561) 368-9561 scheidellat_private
> http://www.secnap.net
> ----- Original Message -----
> From: "Noam Rathaus" <noamrat_private>
> To: "Nessus Plugins Writers" <plugins-writersat_private>
> Sent: Sunday, February 03, 2002 5:07 PM
> Subject: sendmail_expn Patch
>
>
> > Hi,
> >
> > Some host respond with a "250 User ok" for any given user, this patch
will
> > try and detect it.
> >
> > Index: sendmail_expn.nasl
> > ===================================================================
> > RCS file: /usr/local/cvs/nessus-plugins/scripts/sendmail_expn.nasl,v
> > retrieving revision 1.21
> > diff -r1.21 sendmail_expn.nasl
> > 115d114
> > <
> > 117,118c116,120
> > <
> > <   if(ereg(string:r, pattern:"^(250|550).*$"))
> > ---
> > >   s = string("EXPN random_user", rand(), "\r\n");
> > >   send(socket:soc, data:s);
> > >   r2 = recv(socket:soc, length:1024);
> > >
> > >   if((ereg(string:r, pattern:"^(250|550).*$")) && !(ereg(string:r2,
> > pattern:"^(250|550).*$")))
> > 132c134,139
> > <       if(ereg(string:r, pattern:"^(250|550).*$"))
> > ---
> > >
> > >         s = string("VRFY random_user", rand(), "\r\n");
> > >         send(socket:soc, data:s);
> > >         r2 = recv_line(socket:soc, length:1024);
> > >
> > >       if((ereg(string:r, pattern:"^(250|550).*$")) &&
!(ereg(string:r2,
> > pattern:"^(250|550).*$")))
> > 139a147
> > >
> >
> > Thanks
> > Noam Rathaus
> > http://www.BeyondSecurity.com
> > http://www.SecuriTeam.com
> >
> >
>
>

Next message: Michel Arboi: "whisker plugin is insecure"
Previous message: Michael Scheidell: "Re: sendmail_expn Patch"
In reply to: Michael Scheidell: "Re: sendmail_expn Patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 13:20:58 PST