There seems to be a bug in this plugin (plugin id = 11232). Here's a Python session demonstrating against a banner that incorrectly matches.

"""
>>> import re
>>> re.search('sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)/', 'ESMTP Sendmail 8.13.6.20060614/8.13.1; Thu, 13 Jul 2006 18:40:23 -0400', re.I).groups()
('3.6.20060614', None)
>>> re.search('sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)', 'ESMTP Sendmail 8.13.6.20060614/8.13.1; Thu, 13 Jul 2006 18:40:23 -0400', re.I)
>>>
"""

Changing 'sendmail.*' to 'sendmail +' should make sure the first part of the banner's version number is matched. There's also a \. missing in the 8.[0-9] version checks. A nit, but why try to match all the way up to the '/'?

I'd change the whole thing from:

sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)/

to:

sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])|[0-7]\.[0-9]*\.[0-9]*)

Best regards,
Erik
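Added example (not part of the original post and not the plugin's own code): a small harness that runs the plugin's current pattern and the proposed one over the banner quoted in the post plus several constructed banners, so a change to a version-matching regex can be checked against versions on both sides of the ranges it encodes. The constructed banners and the helper names `flagged`, `compare` and `disagreements` are assumptions made for this illustration.

```python
import re

# Both patterns are copied from the post, written as raw strings.
ORIGINAL = (r'sendmail.*(SMI-.*|8\.([0-9]|10\.|11\.[0-6]|12\.[0-4])'
            r'|[0-7]\.[0-9]*\.[0-9]*)/')
PROPOSED = (r'sendmail +(SMI-.*|8\.([0-9]\.|10\.|11\.[0-6]|12\.[0-4])'
            r'|[0-7]\.[0-9]*\.[0-9]*)')

BANNERS = [
    # Banner quoted in the post (four-component version string).
    'ESMTP Sendmail 8.13.6.20060614/8.13.1; Thu, 13 Jul 2006 18:40:23 -0400',
    # Everything below is constructed sample input, not captured traffic.
    'ESMTP Sendmail 8.13.8/8.13.8; Mon, 1 Jan 2007 00:00:00 +0000',
    'ESMTP Sendmail 8.9.3/8.9.3; Mon, 1 Jan 2001 00:00:00 +0000',
    'ESMTP Sendmail 8.11.6/8.11.6; Mon, 1 Jan 2002 00:00:00 +0000',
    'ESMTP Sendmail 8.12.10/8.12.10; Mon, 1 Jan 2004 00:00:00 +0000',
    'Sendmail SMI-8.6/SMI-SVR4 ready',
]


def flagged(pattern, banner):
    """True if the banner matches the pattern (case-insensitive search)."""
    return re.search(pattern, banner, re.I) is not None


def compare(banners=BANNERS):
    """Return (banner, original_hit, proposed_hit) for every banner."""
    return [(b, flagged(ORIGINAL, b), flagged(PROPOSED, b)) for b in banners]


def disagreements(banners=BANNERS):
    """Only the banners on which the two patterns give different answers."""
    return [row for row in compare(banners) if row[1] != row[2]]


if __name__ == '__main__':
    for banner, orig, prop in compare():
        print(f'original={orig!s:5} proposed={prop!s:5} {banner}')
```

On these inputs the patterns disagree on three banners: the one from the post, the constructed 8.9.3 banner (only the proposed pattern matches), and the constructed 8.12.10 banner, which the proposed pattern matches because `12\.[0-4]` has nothing after it to stop `1` from matching the first digit of `10`.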