Detecting vulnerable Exim SMTP servers version 4.70 through 4.75

Exim SMTP servers 4.70 through 4.75 with DKIM enabled are vulnerable to a format string bug that allows remote attackers to execute code. Nmap NSE can help penetration testers to detect this vulnerability remotely.

This recipe illustrates the process of exploiting an Exim SMTP server with Nmap.

How to do it...

Open your terminal and type the following command:

$ nmap --script smtp-vuln-cve2011-1764 --script-args mailfrom=<Source address>,mailto=<Destination address>,domain=<domain> -p25,465,587 <target>

If the Exim server is vulnerable, more information will be included in the script output section:

PORT   STATE SERVICE
587/tcp open  submission
| smtp-vuln-cve2011-1764: 
| VULNERABLE: ...
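When the scan covers many mail servers, save it with -oX and triage the XML instead of reading screen output. The following is an added example, not code from the book or from Nmap: it lists every port where the script reported VULNERABLE (a "NOT VULNERABLE" result is not counted) and checks a banner version string against the 4.70 to 4.75 range named above; the sample XML and the 192.0.2.10 address are constructed.

```python
# Triage helper for smtp-vuln-cve2011-1764 results (added example, not Nmap code).
# Input: nmap --script smtp-vuln-cve2011-1764 ... -oX scan.xml
import re
import xml.etree.ElementTree as ET

SCRIPT_ID = "smtp-vuln-cve2011-1764"
AFFECTED_MIN, AFFECTED_MAX = (4, 70), (4, 75)   # Exim range named in the recipe
# The NSE vulns library prints a "VULNERABLE:" header (or "State: VULNERABLE");
# "NOT VULNERABLE" must not match, so anchor on the word itself.
VULN_RE = re.compile(r"(?m)^\s*(?:LIKELY )?VULNERABLE\b|State:\s*(?:LIKELY )?VULNERABLE\b")

def exim_version_affected(version: str) -> bool:
    """True when an Exim version string such as '4.72' lies in 4.70..4.75.
    Strings without a leading major.minor are treated as unknown (False)."""
    m = re.match(r"^(\d+)\.(\d+)", version.strip())
    if not m:
        return False
    return AFFECTED_MIN <= (int(m.group(1)), int(m.group(2))) <= AFFECTED_MAX

def summarize_exim_findings(xml_text: str) -> list:
    """One dict per port the script examined: host, port, vulnerable flag."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") != SCRIPT_ID:
                    continue
                findings.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "vulnerable": bool(VULN_RE.search(script.get("output", ""))),
                })
    return findings

# Constructed sample in nmap XML layout: one flagged port, one clean port.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="587"><state state="open"/><service name="submission"/>
<script id="smtp-vuln-cve2011-1764" output="&#10;  VULNERABLE:&#10;  Exim DKIM format string&#10;    State: VULNERABLE"/></port>
<port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/>
<script id="smtp-vuln-cve2011-1764" output="&#10;  NOT VULNERABLE:&#10;    State: NOT VULNERABLE"/></port>
</ports></host></nmaprun>"""

if __name__ == "__main__":
    for finding in summarize_exim_findings(SAMPLE_XML):
        print(finding)
```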

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.