Nmap Development mailing list archives

[NSE] Exploit for CVE-2010-4344 and CVE-2010-4345 - Exim SMTP server


From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 22 Jun 2011 23:43:24 +0100

Hi,

Please find attached a script that will try to check and exploit two
vulnerabilities in the Exim SMTP server:
o CVE-2010-4344: heap overflow vulnerability [1]
o CVE-2010-4345: privilege escalation vulnerability [2]

The script was tested against Ubuntu and Debian. x86 architectures were
exploited successfully. On x86_64 the smtpd child will be killed, but
the script can detect this and report it. To enable the exploit use
the 'smtp-vuln-cve2010-4344.exploit' script argument, but keep in mind
that it can send more than 50MB of data (50MB of 'Nmap' payload :) ),
and you should avoid running this script with the debug level -d3.

The privilege escalation vulnerability is exploited only if the heap
overflow exploit succeeds; otherwise the script will just check the
versions.
For more information please read the description of the script.


Finally, some of the logic of this script is based on the Metasploit module:
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4344
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4345

-- 
tixxdz
http://opendz.org

Attachment: smtp-vuln-cve2010-4344.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
