Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File smtp-vuln-cve2011-1720

Script types: portrule
Categories: intrusive, vuln
Download: http://nmap.org/svn/scripts/smtp-vuln-cve2011-1720.nse

User Summary

Checks for a memory corruption in the Postfix SMTP server when it uses Cyrus SASL library authentication mechanisms (CVE-2011-1720). This vulnerability can allow denial of service and possibly remote code execution.

Reference:

Script Arguments

smtp.domain

Define the domain to be used in the SMTP EHLO command.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script=smtp-vuln-cve2011-1720 --script-args='smtp.domain=<domain>' -pT:25,465,587 <host>

Script Output

PORT   STATE SERVICE
25/tcp open  smtp
| smtp-vuln-cve2011-1720:
|   VULNERABLE:
|   Postfix SMTP server Cyrus SASL Memory Corruption
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-1720  OSVDB:72259
|     Description:
|       The Postfix SMTP server is vulnerable to a memory corruption vulnerability
|       when the Cyrus SASL library is used with authentication mechanisms other
|       than PLAIN and LOGIN.
|     Disclosure date: 2011-05-08
|     Check results:
|       AUTH tests: CRAM-MD5 NTLM
|     Extra information:
|       Available AUTH MECHANISMS:  CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN
|     References:
|       http://www.postfix.org/CVE-2011-1720.html
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
|_      http://osvdb.org/72259

Requires


Author: Djalal Harouni

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]