Trying to find a bug in sendmail_redirection.nasl

From: James Davis (jamesdat_private)
Date: Wed Sep 17 2003 - 05:06:55 PDT

  • Next message: Renaud Deraison: "Re: Trying to find a bug in sendmail_redirection.nasl"

    sendmail_redirection.nasl is incorrectly reporting that a system is
    vulnerable when I've manually tested it and it is clearly not. I've
    tracked down the problem to sendmail_redirection.nasl (or possibly ?) not reading the banner send my the server correctly since
    the first read of the socket after calling smtp_recv_banner() is actually
    returning the banner, and not the response to the HELO command.
    Beyond that I've made little progress as to where the bug is and how to
    fix it, so I'd appriciate some help on tracking this down. I've looked
    at the code in sendmail_redirection and smtp_func but can't see any
    obvious error. The output of the SMTP service in question is
    220 hostname ESMTP Sendmail 8.11.6/8.11.6; Wed, 17 Sep 2003
    12:45:05 +0100
    250 hostname Hello [], pleased to meet you
    221 2.0.0 closing connection

    This archive was generated by hypermail 2b30 : Wed Sep 17 2003 - 05:08:05 PDT