<plugin_id>6</plugin_id>
<plugin_name>SMTP ESMTP detection</plugin_name>
<plugin_family>SMTP</plugin_family>
<plugin_created_date>2003/11/13</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Added the Symantec NetRecon rating in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and added the changelog in 2.0.</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>25</plugin_port>
<plugin_procedure_detection>open|sleep|close|pattern_exists 220 *ESMTP*</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_affected>Some enhanced mail transfer agents</bug_affected>
<bug_not_affected>Especially older mail transfer agents</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>With banner-grabbing an attacker can see that this mail server supports ESMTP (Extended Simple Mail Transfer Protocol). ESMTP has additional vulnerabilities, so knowing that a network resource supports it permits an attacker to focus their efforts.</bug_description>
<bug_solution>A service if not needed should be de-installed or disabled. If this is not possible, an access control list (ACL) with firewalling should be applied to this port. Do not allow the web server to include sensitive data (e.g. web server name and version) into the 404 Not Found report.</bug_solution>
<bug_fixing_time>30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>9</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>5</bug_impact>
<bug_risk>6</bug_risk>
<bug_netrecon_rating>9</bug_netrecon_rating>
<bug_check_tool>Nessus, Symantec NetRecon, ISS Internet Scanner and Dante Security Scanner are able to do the same or a similar check</bug_check_tool>
<source_literature>Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X</source_literature>
<source_misc>http://www.computec.ch</source_misc>