Sendmail detection 2.0
 
Plugin ID5
Plugin nameSendmail detection
Plugin filenameSendmail detection.plugin
Plugin filesize2736 bytes
Plugin familySMTP
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2003/11/10
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version2.0
Plugin changelogTitle and filename changed in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and added the changelog in 2.0
Plugin protocoltcp
Plugin port25
Plugin procedure detectionopen|sleep|close|pattern_exists 220 *Sendmail*
Plugin detection accuracy85
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug affectedSendmail mail transfer agents
Bug not affectedAll other mail transfer agents
Bug vulnerability classConfiguration
Bug descriptionAn attacker who is able to get a direct connection to the port can identify the banner of this mail server as Sendmail. By this knowledge further enumerations and attacks are possible.
Bug solutionA service if not needed should be de-installed or disabled. If this is not possible, an access control list (ACL) with firewalling should be applied to this port. Change the application banner to confuse attackers.
Bug fixing time30 minutes
Bug exploit availabilityYes
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity8
Bug simplicity8
Bug impact4
Bug risk6
Bug check toolsThere are numerous vulnerabilities in (old) Sendmail versions. Most of them are implemented as checks in the well-known security scanners.
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.