File smtp-vuln-cve2011-1720
Script types: portrule
Categories: intrusive, vuln
Download: http://nmap.org/svn/scripts/smtp-vuln-cve2011-1720.nse
User Summary
Checks for a memory corruption vulnerability in the Postfix SMTP server when it uses Cyrus SASL library authentication mechanisms (CVE-2011-1720). This vulnerability can allow denial of service and possibly remote code execution.
Reference:
Script Arguments
smtp.domain
Define the domain to be used in the SMTP EHLO command.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
vulns.showall
See the documentation for the vulns library.
Example Usage
nmap --script=smtp-vuln-cve2011-1720 --script-args='smtp.domain=<domain>' -pT:25,465,587 <host>
Script Output
PORT   STATE SERVICE
25/tcp open  smtp
| smtp-vuln-cve2011-1720:
|   VULNERABLE:
|   Postfix SMTP server Cyrus SASL Memory Corruption
|     State: VULNERABLE
|     IDs: CVE:CVE-2011-1720 OSVDB:72259
|     Description:
|       The Postfix SMTP server is vulnerable to a memory corruption vulnerability
|       when the Cyrus SASL library is used with authentication mechanisms other
|       than PLAIN and LOGIN.
|     Disclosure date: 2011-05-08
|     Check results:
|       AUTH tests: CRAM-MD5 NTLM
|     Extra information:
|       Available AUTH MECHANISMS: CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN
|     References:
|       http://www.postfix.org/CVE-2011-1720.html
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
|_      http://osvdb.org/72259
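The description above ties the flaw to SASL mechanisms other than PLAIN and LOGIN, and the output lists them under "Available AUTH MECHANISMS". As an added example (not part of the script or of Nmap), this Python helper parses a saved EHLO reply and lists the advertised mechanisms outside that pair, so an administrator can review a server's configuration offline. The function names and both sample replies are constructed for illustration; a non-empty result marks the precondition named in the description, not proof that the Postfix build is unpatched.

```python
import re

# Mechanisms the script description names as outside the flaw's scope.
UNAFFECTED = {"PLAIN", "LOGIN"}

# EHLO reply lines are "250-KEYWORD params" or, for the last line, "250 KEYWORD params".
# Some servers also send the legacy "AUTH=mech ..." form next to "AUTH mech ...".
AUTH_LINE = re.compile(r"^250[- ]AUTH[ =](.*)$", re.IGNORECASE)


def parse_ehlo_auth(reply):
    """Return the SASL mechanisms advertised in an EHLO reply, in order, without repeats."""
    mechs = []
    for line in reply.splitlines():          # handles both \n and \r\n
        match = AUTH_LINE.match(line.strip())
        if not match:
            continue
        for mech in match.group(1).split():
            mech = mech.upper()
            if mech not in mechs:
                mechs.append(mech)
    return mechs


def triage(reply):
    """Summarise which advertised mechanisms fall outside PLAIN and LOGIN."""
    mechs = parse_ehlo_auth(reply)
    return {
        "auth_offered": bool(mechs),
        "advertised": mechs,
        "needs_review": [m for m in mechs if m not in UNAFFECTED],
    }


# Constructed sample replies (not captured from a real server).
SAMPLE_EHLO = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN\r\n"
    "250-AUTH=CRAM-MD5 DIGEST-MD5 NTLM PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_RESTRICTED = "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 DSN\r\n"

if __name__ == "__main__":
    for name, reply in (("default", SAMPLE_EHLO), ("restricted", SAMPLE_RESTRICTED)):
        print(name, triage(reply))
```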
Requires
Author: Djalal Harouni
License: Same as Nmap--See http://nmap.org/book/man-legal.html


