
List:       saint-users
Subject:    Re: Sendmail vulnerability / export?
From:       Sven Reimers <reimers () tu-harburg ! de>
Date:       2000-01-25 10:41:30

Thank you very much for your detailed
description. All questions (so far) answered.

Again thanks

Sven


Sam Kline wrote:

> >  Make sure the Sendmail command EXPN is off
> >  Make sure the Sendmail command VRFY is off
> >  Sendmail uses EHLO, so server can use ESMTP
>
> SAINT does these checks by sending a
> "HELP" command to the smtp port on the
> target machine, and seeing whether EXPN,
> VRFY, and EHLO are recognized commands.
> Since this method doesn't indicate whether
> or not these commands are actually permitted,
> you will continue to see a "brown" vulnerability
> even after applying the fixes.  (In general,
> "brown" vulnerabilities are those which cannot
> be confirmed by a network scan.)  This
> check might be re-coded in a future version of
> SAINT to better check for these vulnerabilities.
>
> >
> > Exports xxxxx to everyone .
> >
> Are you running SAINT from one of the
> hosts which is allowed to mount xxxxx?
> If so, that's why you are getting the false
> alarm.  Try running SAINT in "trusted host"
> mode.  This can be done either from
> the Configuration Management form, or
> by setting $untrusted_host = 0 in saint.cf,
> or with the -U command line option.
>
> Sam Kline
> Information Security Specialist
> World Wide Digital Security, Inc.
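
Added example, not part of the original messages and not SAINT's own code: a Python sketch of why a HELP-only check stays "unconfirmed" after EXPN and VRFY are turned off, and how replies captured from your own server settle it. The sample HELP text, the probe replies and all function names are constructed for illustration; the reply-code meanings (250/251, 252, 5xx) follow the SMTP standard.

```python
import re

CHECKED = ("EXPN", "VRFY", "EHLO")  # the three commands named in the thread

# Constructed sample: a HELP reply that still lists every command.
SAMPLE_HELP = """214-2.0.0 This is a sample SMTP server
214-2.0.0 Topics:
214-2.0.0   HELO  EHLO  MAIL  RCPT  DATA
214-2.0.0   RSET  NOOP  QUIT  HELP  VRFY
214-2.0.0   EXPN  VERB  ETRN  DSN
214 2.0.0 End of HELP info"""

# Constructed sample: replies captured when the commands were actually issued.
SAMPLE_PROBES = {
    "VRFY": "252 2.5.2 Cannot VRFY user",
    "EXPN": "502 5.7.0 Sorry, we do not allow this operation",
}

def advertised(help_reply):
    """Return the checked commands that a HELP (214) reply mentions."""
    words = set()
    for line in help_reply.splitlines():
        m = re.match(r"214[- ](.*)", line.strip())
        if m:
            words.update(w.upper() for w in re.findall(r"[A-Za-z]+", m.group(1)))
    return {c for c in CHECKED if c in words}

def reply_state(reply):
    """Map the reply to an actually issued command onto a state."""
    m = re.match(r"(\d{3})", reply.strip())
    code = int(m.group(1)) if m else 0
    if code in (250, 251):
        return "enabled"    # server carried out the command
    if code == 252:
        return "declined"   # server will not verify the address
    if 500 <= code <= 599:
        return "refused"    # command rejected or not implemented
    return "unknown"

def classify(help_reply, probe_replies):
    """HELP alone gives 'unconfirmed'; a captured reply overrides it."""
    listed = advertised(help_reply)
    result = {}
    for cmd in CHECKED:
        if cmd in probe_replies:
            result[cmd] = reply_state(probe_replies[cmd])
        else:
            result[cmd] = "unconfirmed" if cmd in listed else "not advertised"
    return result
```

With only the HELP text, all three commands come back "unconfirmed", which is the "brown" case described in the quoted reply; adding the captured VRFY and EXPN replies moves them to "declined" and "refused".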
