Nessus Plugin #11088
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
Sendmail debug mode leak
- Family: SMTP problems
- Category: infos
- Copyright: This script is Copyright (C) 2002 Michel Arboi
- Summary: Checks the version number for 'debug mode leak'
- Version: $Revision: 1.7 $
- Cve_id: CAN-2001-0715
- Bugtraq_id: 3898
- Xrefs: -
- Description:
According to the version number of the remote mail server,
a local user may be able to obtain the complete mail configuration
and other interesting information about the mail queue, even if
he is not allowed to access that information directly, by running

    sendmail -q -d0-nnnn.xxx

where nnnn and xxx are debugging levels.
If users are not allowed to process the queue (which is the default),
then you are not vulnerable.
Solution: upgrade to the latest version of Sendmail, or
do not allow users to process the queue (RestrictQRun option).
Risk factor: Low
Note: This vulnerability is _local_ only.
Generated on 27.04.2005 at 18:49:54.