Vulnerabilities > CVE-2004-0833 - Unspecified vulnerability in Debian Linux 3.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 12 |
Nessus
NASL family SMTP problems
NASL id DEBIAN_SASL_DEFAULT_PWD.NASL
description The remote host is running a Sendmail server with a default SASL password of
last seen 2020-06-01
modified 2020-06-02
plugin id 14832
published 2004-09-28
reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14832
title Debian GNU/Linux Sendmail Default SASL Password
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Description phase: when 'description' is set the script only registers its
# metadata and exits, before any traffic is sent to the target.
if (description)
{
  script_id(14832);
  script_version("1.16");
  script_cvs_date("Date: 2018/07/10 14:27:33");

  script_bugtraq_id(11262);
  script_cve_id("CVE-2004-0833");

  script_name(english:"Debian GNU/Linux Sendmail Default SASL Password");
  script_summary(english:"Checks SMTP authentication");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SMTP server has an account with a default password."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is running a Sendmail server with a default SASL password of 'sendmail' / 'sendmailpwd'. A spammer may use this account to use the remote server as a spam relay for the internet."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-554");
  script_set_attribute(attribute:"solution", value:"Disable this account or secure it with a strong password.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/28");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux");
  script_end_attributes();

  # Registered as ACT_ATTACK: the check below performs a real SMTP AUTH attempt
  # against the target rather than only reading a banner or package list.
  script_category(ACT_ATTACK);
  script_family(english:"SMTP problems");
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_dependencie("smtpserver_detect.nasl");
  # Excluded when the scan is limited to supplied logins; presumably so that
  # such scans never try the built-in credential pair used below.
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/smtp", 25);
  exit(0);
}

#
# The script code starts here
#
include("audit.inc");
include("global_settings.inc");
include("smtp_func.inc");
include("misc_func.inc");

# The CRAM-MD5 response below is built with HMAC_MD5; exit if it is unavailable.
if ( ! defined_func("HMAC_MD5") ) exit(0);

# The fixed account named in this plugin's own description attribute
# (CVE-2004-0833).
user = "sendmail";
pass = "sendmailpwd";

port = get_service(svc:"smtp", default: 25, exit_on_fail: 1);
# Skip services already recorded as broken in the knowledge base.
if (get_kb_item('SMTP/'+port+'/broken')) exit(0);
# Runtime counterpart of the exclude key registered in the description phase.
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

soc = open_sock_tcp(port);
if (!soc) audit(AUDIT_SOCK_FAIL, port);

# NOTE(review): the exit(0) paths between here and close(soc) leave without an
# explicit close of the socket.
banner = smtp_recv_banner(socket:soc);
if ( ! banner ) exit(0);
# Only servers whose banner contains "Sendmail" are tested. A host with a
# customised or suppressed banner exits silently here, so "no finding" from
# this plugin is not proof that the account is absent.
if ( "Sendmail" >!< banner ) exit(0);

# The EHLO reply is read but not inspected.
send(socket:soc, data:'EHLO there\r\n');
r = smtp_recv_line(socket:soc);

# Only CRAM-MD5 is attempted. Without a 334 challenge the script exits, so the
# account is not tested over any other SASL mechanism.
send(socket:soc, data:'AUTH CRAM-MD5\r\n');
r = smtp_recv_line(socket:soc);
if ( !ereg(pattern:"^334 ", string:r) ) exit(0);

# CRAM-MD5 response: base64( user + " " + hex( HMAC-MD5(decoded challenge,
# key = password) ) ).
challenge = ereg_replace(pattern:"^334 (.*)", string:chomp(r), replace:"\1");
hash = HMAC_MD5(data:base64_decode(str:challenge), key:pass);
data = base64(str:user + " " + hexstr(hash));
send(socket:soc, data:data + '\r\n');
r = smtp_recv_line(socket:soc);
close(soc);

# A 235 reply means the server accepted the fixed credentials; report the port.
# Remediation per the solution attribute above: disable the account or give it
# a strong password.
if ( ereg(pattern:"^235 ", string:r) ) security_hole(port);
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-554.NASL
description Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing
last seen 2020-06-01
modified 2020-06-02
plugin id 15391
published 2004-09-29
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/15391
title Debian DSA-554-1 : sendmail - pre-set password
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-554. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Description phase: when 'description' is set the script only registers its
# metadata and exits.
if (description)
{
  script_id(15391);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2004-0833");
  script_xref(name:"DSA", value:"554");

  script_name(english:"Debian DSA-554-1 : sendmail - pre-set password");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing 'sasl-bin' to use sasl in connection with sendmail, the sendmail configuration script use fixed user/pass information to initialise the sasl database. Any spammer with Debian systems knowledge could utilise such a sendmail installation to relay spam."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-554"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the sendmail package. For the stable distribution (woody) this problem has been fixed in version 8.12.3-7.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sendmail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/28");
  script_end_attributes();

  # Local check: it is driven by knowledge-base keys for the Debian release and
  # the dpkg package list (see script_require_keys), not by SMTP traffic.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, host identified as Debian, and a dpkg
# package list present in the knowledge base. Each failure is audited with its
# own reason instead of exiting silently.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Count the packages that deb_check flags for release 3.0 against reference
# version 8.12.3-7.1. deb_check comes from debian_package.inc (not shown here);
# presumably it is true when the installed version is older than the reference.
#
# NOTE(review): this is a package-version check only. It does not test whether
# the pre-set SASL account still exists, and this listing does not say whether
# upgrading removes an entry that was already created -- confirm against the
# advisory, and use the remote authentication check (plugin 14832) to test the
# account itself.
flag = 0;
if (deb_check(release:"3.0", prefix:"libmilter-dev", reference:"8.12.3-7.1")) flag++;
if (deb_check(release:"3.0", prefix:"sendmail", reference:"8.12.3-7.1")) flag++;
if (deb_check(release:"3.0", prefix:"sendmail-doc", reference:"8.12.3-7.1")) flag++;

if (flag)
{
  # Attach the package report from deb_report_get() only when report_verbosity
  # is above 0; otherwise report the finding without extra text.
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");