CVE-2003-0161
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Exploit-Db
description: sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability. CVE-2003-0161. Remote exploit for unix platform
id: EDB-ID:22442
last seen: 2016-02-02
modified: 2003-03-29
published: 2003-03-29
reporter: sorbo
source: https://www.exploit-db.com/download/22442/
title: sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability

description: Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit. CVE-2003-0161. Remote exploit for linux platform
id: EDB-ID:24
last seen: 2016-01-31
modified: 2003-04-30
published: 2003-04-30
reporter: bysin
source: https://www.exploit-db.com/download/24/
title: Sendmail <= 8.12.8 prescan BSD Remote Root Exploit
Nessus
NASL family: SMTP problems
NASL id: SENDMAIL_CONVERSION_OVERFLOW.NASL
description: The remote Sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.8 are vulnerable. NOTE: manual patches do not change the version numbers. Vendors who have released patched versions of Sendmail may still falsely show a vulnerability.
  *** Nessus reports this vulnerability using only the banner of the
  *** remote SMTP server. Therefore, this might be a false positive.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11499
published: 2003-03-29
reporter: This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11499
title: Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow
code:

  # (C) Tenable Network Security, Inc.
  #

  include("compat.inc");

  if (description)
  {
    script_id(11499);
    script_version("1.33");
    script_cvs_date("Date: 2018/09/17 21:46:53");

    script_cve_id("CVE-2003-0161");
    script_bugtraq_id(7230);
    script_xref(name:"RHSA", value:"2003:120-01");

    script_name(english: "Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow");
    script_summary(english:"Checks the version of Sendmail.");

    script_set_attribute(attribute:"synopsis", value:"Arbitrary code may be run on the remote server");
    script_set_attribute(attribute:"description", value:
  "The remote Sendmail server, according to its version number, may be
  vulnerable to a remote buffer overflow allowing remote users to gain
  root privileges.

  Sendmail versions from 5.79 to 8.12.8 are vulnerable.

  NOTE: manual patches do not change the version numbers. Vendors who
  have released patched versions of Sendmail may still falsely show a
  vulnerability.

  *** Nessus reports this vulnerability using only the banner of the
  *** remote SMTP server. Therefore, this might be a false positive.");
    # http://web.archive.org/web/20031202022838/http://www.sendmail.org/patchps.html
    script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?91a7a35b");
    script_set_attribute(attribute: "solution", value: "Upgrade to Sendmail version 8.12.9 or greater.");
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
    script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0161");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");

    script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/29");
    script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/29");

    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    script_family(english: "SMTP problems");

    script_dependencies("sendmail_detect.nbin");
    script_require_keys("installed_sw/Sendmail");
    exit(0);
  }

  include("vcf.inc");

  app_info = vcf::get_app_info(app:"Sendmail");

  constraints = [{ "min_version" : "5.79", "fixed_version" : "8.12.9" }];

  vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_35483.NASL
description: s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 26133
published: 2007-09-25
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/26133
title: HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
code:

  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and patch checks in this plugin were
  # extracted from HP patch PHNE_35483. The text itself is
  # copyright (C) Hewlett-Packard Development Company, L.P.
  #

  include("compat.inc");

  if (description)
  {
    script_id(26133);
    script_version("1.22");
    script_cvs_date("Date: 2019/07/10 16:04:13");

    script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
    script_bugtraq_id(6991);
    script_xref(name:"CERT-CC", value:"2003-07");
    script_xref(name:"CERT-CC", value:"2003-12");
    script_xref(name:"CERT-CC", value:"2003-25");
    script_xref(name:"CERT", value:"834865");
    script_xref(name:"HP", value:"emr_na-c00629555");
    script_xref(name:"HP", value:"emr_na-c00841370");
    script_xref(name:"HP", value:"emr_na-c00958338");
    script_xref(name:"HP", value:"emr_na-c00958571");
    script_xref(name:"HP", value:"emr_na-c01035741");
    script_xref(name:"HP", value:"HPSBUX00246");
    script_xref(name:"HP", value:"HPSBUX00253");
    script_xref(name:"HP", value:"HPSBUX00281");
    script_xref(name:"HP", value:"HPSBUX02108");
    script_xref(name:"HP", value:"HPSBUX02183");
    script_xref(name:"HP", value:"SSRT061133");
    script_xref(name:"HP", value:"SSRT061243");
    script_xref(name:"HP", value:"SSRT3469");
    script_xref(name:"HP", value:"SSRT3531");
    script_xref(name:"HP", value:"SSRT3631");

    script_name(english:"HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch");
    script_summary(english:"Checks for the patch in the swlist output");

    script_set_attribute(
      attribute:"synopsis",
      value:"The remote HP-UX host is missing a security-related patch."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "s700_800 11.00 sendmail(1M) 8.9.3 patch :

  The remote HP-UX host is affected by multiple vulnerabilities :

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability may
      be exploited remotely to gain unauthorized access and
      create a Denial of Service (DoS). References: CERT
      CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

    - A vulnerability has been identified in sendmail which
      may allow a remote attacker to execute arbitrary code.
      References: CVE-2006-0058, US-CERT VU#834865.
      (HPSBUX02108 SSRT061133)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability
      could be exploited remotely to gain unauthorized
      privileged access. References: CERT/CC CA-2003-25,
      CAN-2003-0681. (HPSBUX00281 SSRT3631)

    - A potential security vulnerability has been identified
      with HP-UX sendmail, where the vulnerability may be
      exploited remotely to gain unauthorized access or create
      a denial of service (DoS). References: CERT CA-2003-12.
      (HPSBUX00253 SSRT3531)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail. This vulnerability could
      allow a remote user to cause a Denial of Service (DoS).
      (HPSBUX02183 SSRT061243)"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?7e44f628"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?b715e4f4"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?8ac166f8"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?f41ededc"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?6b002323"
    );
    script_set_attribute(
      attribute:"solution",
      value:"Install patch PHNE_35483 or subsequent."
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"exploited_by_malware", value:"true");
    script_cwe_id(399);

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

    script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
    script_set_attribute(attribute:"patch_publication_date", value:"2007/01/03");
    script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
    script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
    script_set_attribute(attribute:"generated_plugin", value:"current");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    script_family(english:"HP-UX Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

    exit(0);
  }

  include("audit.inc");
  include("global_settings.inc");
  include("hpux.inc");

  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
  if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

  if (!hpux_check_ctx(ctx:"11.00"))
  {
    exit(0, "The host is not affected since PHNE_35483 applies to a different OS release.");
  }

  patches = make_list("PHNE_35483");
  foreach patch (patches)
  {
    if (hpux_installed(app:patch))
    {
      exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
  }

  flag = 0;
  if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++;
  if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
    else security_hole(0);
    exit(0);
  }
  else audit(AUDIT_HOST_NOT, "affected");

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_29526.NASL
description: s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16898
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16898
title: HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
code:

  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and patch checks in this plugin were
  # extracted from HP patch PHNE_29526. The text itself is
  # copyright (C) Hewlett-Packard Development Company, L.P.
  #

  include("compat.inc");

  if (description)
  {
    script_id(16898);
    script_version("$Revision: 1.18 $");
    script_cvs_date("$Date: 2017/04/27 13:33:46 $");

    script_cve_id("CVE-2002-1337", "CVE-2003-0161");
    script_bugtraq_id(6991);
    script_xref(name:"CERT-CC", value:"2003-07");
    script_xref(name:"CERT-CC", value:"2003-12");
    script_xref(name:"HP", value:"emr_na-c00958338");
    script_xref(name:"HP", value:"emr_na-c00958571");
    script_xref(name:"HP", value:"HPSBUX00246");
    script_xref(name:"HP", value:"HPSBUX00253");
    script_xref(name:"HP", value:"SSRT3469");
    script_xref(name:"HP", value:"SSRT3531");

    script_name(english:"HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch");
    script_summary(english:"Checks for the patch in the swlist output");

    script_set_attribute(
      attribute:"synopsis",
      value:"The remote HP-UX host is missing a security-related patch."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch :

  The remote HP-UX host is affected by multiple vulnerabilities :

    - A potential security vulnerability has been identified
      with HP-UX sendmail, where the vulnerability may be
      exploited remotely to gain unauthorized access or create
      a denial of service (DoS). References: CERT CA-2003-12.
      (HPSBUX00253 SSRT3531)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability may
      be exploited remotely to gain unauthorized access and
      create a Denial of Service (DoS). References: CERT
      CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?7e44f628"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?b715e4f4"
    );
    script_set_attribute(
      attribute:"solution",
      value:"Install patch PHNE_29526 or subsequent."
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"exploited_by_malware", value:"true");

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

    script_set_attribute(attribute:"patch_publication_date", value:"2003/08/14");
    script_set_attribute(attribute:"patch_modification_date", value:"2007/08/21");
    script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
    script_family(english:"HP-UX Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

    exit(0);
  }

  include("audit.inc");
  include("global_settings.inc");
  include("hpux.inc");

  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
  if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

  if (!hpux_check_ctx(ctx:"11.04"))
  {
    exit(0, "The host is not affected since PHNE_29526 applies to a different OS release.");
  }

  patches = make_list("PHNE_29526", "PHNE_30224", "PHNE_34927", "PHNE_35314");
  foreach patch (patches)
  {
    if (hpux_installed(app:patch))
    {
      exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
  }

  flag = 0;
  if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++;
  if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
    else security_hole(0);
    exit(0);
  }
  else audit(AUDIT_HOST_NOT, "affected");

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_28409.NASL
description: s700_800 11.22 sendmail(1m) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - Sendmail Restricted Shell (smrsh) may let local users bypass restrictions to execute code.
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 16634
published: 2005-02-16
reporter: This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/16634
title: HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch
code:

  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and patch checks in this plugin were
  # extracted from HP patch PHNE_28409. The text itself is
  # copyright (C) Hewlett-Packard Development Company, L.P.
  #

  include("compat.inc");

  if (description)
  {
    script_id(16634);
    script_version("$Revision: 1.16 $");
    script_cvs_date("$Date: 2017/04/27 13:33:46 $");

    script_cve_id("CVE-2002-1337", "CVE-2003-0161");
    script_bugtraq_id(6991);
    script_xref(name:"CERT-CC", value:"2003-07");
    script_xref(name:"CERT-CC", value:"2003-12");
    script_xref(name:"HP", value:"emr_na-c00958338");
    script_xref(name:"HP", value:"emr_na-c00958571");
    script_xref(name:"HP", value:"HPSBUX00246");
    script_xref(name:"HP", value:"HPSBUX00253");
    script_xref(name:"HP", value:"HPSBUX0212");
    script_xref(name:"HP", value:"SSRT2432");
    script_xref(name:"HP", value:"SSRT3469");
    script_xref(name:"HP", value:"SSRT3531");

    script_name(english:"HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch");
    script_summary(english:"Checks for the patch in the swlist output");

    script_set_attribute(
      attribute:"synopsis",
      value:"The remote HP-UX host is missing a security-related patch."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "s700_800 11.22 sendmail(1m) 8.11.1 patch :

  The remote HP-UX host is affected by multiple vulnerabilities :

    - Sendmail Restricted Shell (smrsh) may let local users
      bypass restrictions to execute code.

    - A potential security vulnerability has been identified
      with HP-UX sendmail, where the vulnerability may be
      exploited remotely to gain unauthorized access or create
      a denial of service (DoS). References: CERT CA-2003-12.
      (HPSBUX00253 SSRT3531)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability may
      be exploited remotely to gain unauthorized access and
      create a Denial of Service (DoS). References: CERT
      CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?7e44f628"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?b715e4f4"
    );
    script_set_attribute(
      attribute:"solution",
      value:"Install patch PHNE_28409 or subsequent."
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"exploited_by_malware", value:"true");

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

    script_set_attribute(attribute:"patch_publication_date", value:"2003/07/11");
    script_set_attribute(attribute:"patch_modification_date", value:"2005/10/16");
    script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
    script_family(english:"HP-UX Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

    exit(0);
  }

  include("audit.inc");
  include("global_settings.inc");
  include("hpux.inc");

  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
  if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

  if (!hpux_check_ctx(ctx:"11.22"))
  {
    exit(0, "The host is not affected since PHNE_28409 applies to a different OS release.");
  }

  patches = make_list("PHNE_28409", "PHNE_29912");
  foreach patch (patches)
  {
    if (hpux_installed(app:patch))
    {
      exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
  }

  flag = 0;
  if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.22")) flag++;
  if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.22")) flag++;
  if (hpux_check_patch(app:"InternetSrvcs.INETSVCS2-RUN", version:"B.11.22")) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
    else security_hole(0);
    exit(0);
  }
  else audit(AUDIT_HOST_NOT, "affected");

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-278.NASL
description: Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15115
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15115
title: Debian DSA-278-1 : sendmail - char-to-int conversion
code:

  #%NASL_MIN_LEVEL 80502
  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and package checks in this plugin were
  # extracted from Debian Security Advisory DSA-278. The text
  # itself is copyright (C) Software in the Public Interest, Inc.
  #

  include("compat.inc");

  if (description)
  {
    script_id(15115);
    script_version("1.25");
    script_cvs_date("Date: 2019/08/02 13:32:17");

    script_cve_id("CVE-2003-0161");
    script_bugtraq_id(7230);
    script_xref(name:"CERT", value:"897604");
    script_xref(name:"DSA", value:"278");

    script_name(english:"Debian DSA-278-1 : sendmail - char-to-int conversion");
    script_summary(english:"Checks dpkg output for the updated package");

    script_set_attribute(
      attribute:"synopsis",
      value:"The remote Debian host is missing a security-related update."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "Michal Zalewski discovered a buffer overflow, triggered by a char to
  int conversion, in the address parsing code in sendmail, a widely used
  powerful, efficient, and scalable mail transport agent. This problem
  is potentially remotely exploitable."
    );
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.debian.org/security/2003/dsa-278"
    );
    script_set_attribute(
      attribute:"solution",
      value:
  "Upgrade the sendmail packages.

  For the stable distribution (woody) this problem has been fixed in
  version 8.12.3-6.3.

  For the old stable distribution (potato) this problem has been fixed
  in version 8.9.3-26."
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sendmail");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

    script_set_attribute(attribute:"patch_publication_date", value:"2003/04/04");
    script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
    script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/29");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
    script_family(english:"Debian Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

    exit(0);
  }

  include("audit.inc");
  include("debian_package.inc");

  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
  if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

  flag = 0;
  if (deb_check(release:"2.2", prefix:"sendmail", reference:"8.9.3-26")) flag++;
  if (deb_check(release:"3.0", prefix:"libmilter-dev", reference:"8.12.3-6.3")) flag++;
  if (deb_check(release:"3.0", prefix:"sendmail", reference:"8.12.3-6.3")) flag++;
  if (deb_check(release:"3.0", prefix:"sendmail-doc", reference:"8.12.3-6.3")) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
    else security_hole(0);
    exit(0);
  }
  else audit(AUDIT_HOST_NOT, "affected");

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHNE_35484.NASL
description: s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities :
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
  - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133)
  - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531)
  - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
  - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 26134
published: 2007-09-25
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/26134
title: HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
code:

  #
  # (C) Tenable Network Security, Inc.
  #
  # The descriptive text and patch checks in this plugin were
  # extracted from HP patch PHNE_35484. The text itself is
  # copyright (C) Hewlett-Packard Development Company, L.P.
  #

  include("compat.inc");

  if (description)
  {
    script_id(26134);
    script_version("1.23");
    script_cvs_date("Date: 2019/07/10 16:04:13");

    script_cve_id("CVE-2002-1337", "CVE-2003-0161", "CVE-2003-0681", "CVE-2003-0694", "CVE-2006-0058", "CVE-2007-2246");
    script_bugtraq_id(6991);
    script_xref(name:"CERT-CC", value:"2003-07");
    script_xref(name:"CERT-CC", value:"2003-12");
    script_xref(name:"CERT-CC", value:"2003-25");
    script_xref(name:"CERT", value:"834865");
    script_xref(name:"HP", value:"emr_na-c00629555");
    script_xref(name:"HP", value:"emr_na-c00841370");
    script_xref(name:"HP", value:"emr_na-c00958338");
    script_xref(name:"HP", value:"emr_na-c00958571");
    script_xref(name:"HP", value:"emr_na-c01035741");
    script_xref(name:"HP", value:"HPSBUX00246");
    script_xref(name:"HP", value:"HPSBUX00253");
    script_xref(name:"HP", value:"HPSBUX00281");
    script_xref(name:"HP", value:"HPSBUX02108");
    script_xref(name:"HP", value:"HPSBUX02183");
    script_xref(name:"HP", value:"SSRT061133");
    script_xref(name:"HP", value:"SSRT061243");
    script_xref(name:"HP", value:"SSRT3469");
    script_xref(name:"HP", value:"SSRT3531");
    script_xref(name:"HP", value:"SSRT3631");

    script_name(english:"HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch");
    script_summary(english:"Checks for the patch in the swlist output");

    script_set_attribute(
      attribute:"synopsis",
      value:"The remote HP-UX host is missing a security-related patch."
    );
    script_set_attribute(
      attribute:"description",
      value:
  "s700_800 11.11 sendmail(1M) 8.9.3 patch :

  The remote HP-UX host is affected by multiple vulnerabilities :

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability
      could be exploited remotely to gain unauthorized
      privileged access. References: CERT/CC CA-2003-25,
      CAN-2003-0681. (HPSBUX00281 SSRT3631)

    - A vulnerability has been identified in sendmail which
      may allow a remote attacker to execute arbitrary code.
      References: CVE-2006-0058, US-CERT VU#834865.
      (HPSBUX02108 SSRT061133)

    - A potential security vulnerability has been identified
      with HP-UX sendmail, where the vulnerability may be
      exploited remotely to gain unauthorized access or create
      a denial of service (DoS). References: CERT CA-2003-12.
      (HPSBUX00253 SSRT3531)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail. This vulnerability could
      allow a remote user to cause a Denial of Service (DoS).
      (HPSBUX02183 SSRT061243)

    - A potential security vulnerability has been identified
      with HP-UX running sendmail, where the vulnerability may
      be exploited remotely to gain unauthorized access and
      create a Denial of Service (DoS). References: CERT
      CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958338
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?7e44f628"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00958571
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?b715e4f4"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035741
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?8ac166f8"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00629555
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?f41ededc"
    );
    # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00841370
    script_set_attribute(
      attribute:"see_also",
      value:"http://www.nessus.org/u?6b002323"
    );
    script_set_attribute(
      attribute:"solution",
      value:"Install patch PHNE_35484 or subsequent."
    );
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
    script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
    script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"exploited_by_malware", value:"true");
    script_cwe_id(399);

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

    script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/07");
    script_set_attribute(attribute:"patch_publication_date", value:"2006/12/21");
    script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
    script_set_attribute(attribute:"patch_modification_date", value:"2007/04/17");
    script_set_attribute(attribute:"generated_plugin", value:"current");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    script_family(english:"HP-UX Local Security Checks");

    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

    exit(0);
  }

  include("audit.inc");
  include("global_settings.inc");
  include("hpux.inc");

  if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
  if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
  if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

  if (!hpux_check_ctx(ctx:"11.11"))
  {
    exit(0, "The host is not affected since PHNE_35484 applies to a different OS release.");
  }

  patches = make_list("PHNE_35484", "PHNE_35950", "PHNE_40393");
  foreach patch (patches)
  {
    if (hpux_installed(app:patch))
    {
      exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
  }

  flag = 0;
  if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.11")) flag++;
  if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.11")) flag++;

  if (flag)
  {
    if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
    else security_hole(0);
    exit(0);
  }
  else audit(AUDIT_HOST_NOT, "affected");
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-121.NASL
- description: Updated Sendmail packages are available to fix a vulnerability that allows local and possibly remote attackers to gain root privileges. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. Although no exploit currently exists, this issue is probably locally exploitable and may be remotely exploitable. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities. Red Hat would like to thank Michal Zalewski for finding and reporting this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12385
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12385
- title: RHEL 2.1 : sendmail (RHSA-2003:121)
- code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:121. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12385);
  script_version ("1.26");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0161");
  script_xref(name:"RHSA", value:"2003:121");

  script_name(english:"RHEL 2.1 : sendmail (RHSA-2003:121)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated Sendmail packages are available to fix a vulnerability that allows local and possibly remote attackers to gain root privileges.

Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions.

There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. Although no exploit currently exists, this issue is probably locally exploitable and may be remotely exploitable.

All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0161"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:121"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-cf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2003:121";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-8.11.6-26.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-cf-8.11.6-26.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-devel-8.11.6-26.72")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-doc-8.11.6-26.72")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail / sendmail-cf / sendmail-devel / sendmail-doc");
  }
}
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-290.NASL
- description: Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15127
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15127
- title: Debian DSA-290-1 : sendmail-wide - char-to-int conversion
- code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-290. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15127);
  script_version("1.25");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0161");
  script_bugtraq_id(7230);
  script_xref(name:"CERT", value:"897604");
  script_xref(name:"DSA", value:"290");

  script_name(english:"Debian DSA-290-1 : sendmail-wide - char-to-int conversion");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-290"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the sendmail-wide packages.

For the stable distribution (woody) this problem has been fixed in version 8.12.3+3.5Wbeta-5.4

For the old stable distribution (potato) this problem has been fixed in version 8.9.3+3.2W-25"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sendmail-wide");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"sendmail-wide", reference:"8.9.3+3.2W-25")) flag++;
if (deb_check(release:"3.0", prefix:"sendmail-wide", reference:"8.12.3+3.5Wbeta-5.4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2003-042.NASL
- description: Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. Update : The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14026
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14026
- title: Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)
- code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:042.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14026);
  script_version ("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2003-0161");
  script_xref(name:"CERT-CC", value:"CA-2003-12");
  script_xref(name:"MDKSA", value:"2003:042-1");

  script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.

Update :

The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"sendmail-8.12.9-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"sendmail-cf-8.12.9-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"sendmail-devel-8.12.9-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"sendmail-doc-8.12.9-1.1mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.cert.org/advisories/CA-2003-12.html
- http://www.securityfocus.com/bid/7230
- http://www.redhat.com/support/errata/RHSA-2003-120.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
- http://www.kb.cert.org/vuls/id/897604
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
- http://www.redhat.com/support/errata/RHSA-2003-121.html
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
- ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
- http://www.debian.org/security/2003/dsa-278
- http://www.debian.org/security/2003/dsa-290
- http://lists.apple.com/mhonarc/security-announce/msg00028.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
- http://www.securityfocus.com/archive/1/321997
- http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1
- http://marc.info/?l=bugtraq&m=104896621106790&w=2
- http://marc.info/?l=bugtraq&m=104914999806315&w=2
- http://marc.info/?l=bugtraq&m=104897487512238&w=2
- http://www.securityfocus.com/archive/1/317135/30/25220/threaded
- http://www.securityfocus.com/archive/1/316961/30/25250/threaded