
o [NSE] Small improvements on the smtp-vuln-cve2011-1764 script:

- Check the port.version.product in the portrule to see if it matches
    the 'Exim smtpd'
  - If the script was not able to confirm the vulnerability but the Exim
    version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
djalal
2011-07-18 11:42:41 +00:00
parent 2c7cad079b
commit 01f4cdd83e


@@ -40,6 +40,9 @@ require "smtp"
require "stdnse"
portrule = function (host, port)
if port.version.product ~= nil and port.version.product ~= "Exim smtpd" then
return false
end
return shortport.port_or_service({25, 465, 587},
{"smtp", "smtps", "submission"})(host, port)
end
@@ -121,7 +124,7 @@ local function check_exim(smtp_opts)
local exim_ver_min, exim_ver_max = 4.70, 4.75
local cve = 'CVE-2011-1764'
local exim_dkim_str = "Exim DKIM Signatures Format String ("..cve.."):"
local exim_dkim_result = ""
local exim_dkim_result
local socket, ret = smtp.connect(smtp_opts.host,
smtp_opts.port,
@@ -176,7 +179,7 @@ local function check_exim(smtp_opts)
return smtp_finish(socket, status, ret)
elseif ret then
exim_dkim_result = string.format(" Exim (%s): VULNERABLE", cve)
else
elseif not exim_dkim_result then
return smtp_finish(socket, false, 'Exim server seems NOT VULNERABLE.')
end
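Review bot: The product filter added to portrule compares `port.version.product` against the exact string `"Exim smtpd"`, so any host where version detection reported a different product is skipped with no output, and in a scan report that looks the same as the check having run and found nothing. The nil guard keeps the script running when no version scan was done, which is right, but the trade-off should be stated at the filter, e.g. `-- Skip only when version detection named another product; a misidentified or rewritten banner will hide an Exim server from this check.` A `stdnse.print_debug(1, ...)` line before `return false` would also let an operator see why the script did not run on a port they expected it to cover.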