##############################################################################
#
#  Sendmail Denial Of Service Vulnerability
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2007/04/25
#
#  $Revision: 1.1 $
#
#  $Log: os2a_sendmail_dos_605135.nasl,v $
#  Revision 1.1  2007/04/26 10:47:19  ksjayesh
#  To production
#
#
#  Revision 1.1  2007/04/25 04:30:43  nrnandini
#  issue #4032
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(description)
{
 script_id(605135);
 script_bugtraq_id(23606);
 script_cve_id("CVE-2007-2246");
 script_copyright(english:"Copyright (C) 2007 OS2A");
 script_version("$Revision: 1.1 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Denial of Service");
 script_name(english:"Sendmail Denial Of Service Vulnerability");
 script_summary(english:"Check for vulnerable version of Sendmail");
 desc["english"] = "
 Overview : This host has Sendmail, an SMTP server daemon used on mail gateways
 and forwarders, installed which is prone to denial of service vulnerability.

 The vulnerability vectors are not known as of April 25th 2007. Information
 will be updated once the details are available. Refer,
 http://www.securityfocus.com/bid/23606/discuss

 Impact : Successful exploitation can lead to application crash, denying
 service to legitimate users.

 The impact is restricted to application level.

 Affected Software : Sendmail versions prior to 8.13.3.

 Affected Platform : Any Linux system running the affected software.

 Solution : Upgrade to Sendmail version 8.13.3,
            http://www.sendmail.org/

 References : http://www.securityfocus.com/bid/23606/discuss

 CVSS Score :
        CVSS Base Score     : 5.0 (AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:A)
        CVSS Temporal Score : 4.3
 Risk factor : Medium";
 script_description(english:desc["english"]);
 script_dependencie("find_service.nes");
 script_require_ports("Services/smtp", 25);
 exit(0);
}


 include("smtp_func.inc");

 smtpPort = get_kb_item("Services/smtp");
 if(!smtpPort){
 	smtpPort = 25;
 }
 if(!get_port_state(smtpPort)){
        exit(0);
 }

 sendmailBanner = get_smtp_banner(port:smtpPort);
 if(sendmailBanner)
 {
 	if(egrep(pattern:"(S|s)endmail ([0-7]\..*|8\.(([0-9]|1[0-2])\..*|13" +
			 "\.[0-2][^0-9]))", string:sendmailBanner)){
 		security_warning(smtpPort);
	}
 }