Sendmail and Postfix Version Vulnerability Check

漏洞信息

漏洞名称: Sendmail and Postfix Version Vulnerability Check

漏洞类型: 配置问题

漏洞等级: 中危

漏洞描述: Sendmail和Postfix是广泛使用的邮件传输代理(MTA),负责电子邮件的路由和传递。Sendmail是一个历史悠久的MTA,而Postfix则是一个更为现代的替代品,两者在企业和个人服务器中都有广泛部署。由于它们在邮件处理中的核心作用,任何安全漏洞都可能导致严重的安全问题。该模板用于检查Sendmail和Postfix的版本是否存在已知的安全漏洞,如缓冲区溢出、权限提升或信息泄露等。这些漏洞可能由于未及时更新补丁而存在,攻击者可以利用这些漏洞进行远程代码执行或获取敏感信息。该检查通过检测进程存在和版本标识符来帮助确定补丁状态,从而评估系统的安全性。由于这些服务通常以高权限运行,成功利用漏洞可能导致系统完全被控制。因此,及时更新和维护这些服务至关重要。

产品名称: Sendmail, Postfix

来源: https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Fcheck-sendmail-postfix-version.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

id: check-sendmail-postfix-version

info:
  name: Sendmail and Postfix Version Vulnerability Check
  author: songyaeji
  severity: medium
  description: >
    This template checks if the versions of Sendmail and Postfix are being used and whether they are likely outdated.
    Unpatched versions may contain critical vulnerabilities such as buffer overflows, privilege escalation, or information disclosure.
    It checks process presence and version indicators to help determine patch status.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,sendmail,postfix,version,local
  metadata:
    verified: true
    os: linux
    max-request: 3
  classification:
    cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cwe-id: CWE-937

self-contained: true
code:
  - engine:
      - bash
    source: |
      ps -ef | grep sendmail | grep -v grep || echo "sendmail-not-running"
    matchers:
      - type: word
        part: code_1_response
        words:
          - "sendmail"
        condition: contains

  - engine:
      - bash
    source: |
      cat /etc/mail/sendmail.cf 2>/dev/null | grep "^DZ" || echo "no-dz-entry"
    matchers:
      - type: word
        part: code_2_response
        words:
          - "DZ"
        condition: contains

  - engine:
      - bash
    source: |
      systemctl status postfix 2>/dev/null | grep "postfix" || echo "postfix-not-running"
    matchers:
      - type: word
        part: code_3_response
        words:
          - "postfix"
        condition: contains

  - engine:
      - bash
    source: |
      postfix status 2>/dev/null | grep "postfix-script" || echo "no-script"
    matchers:
      - type: word
        part: code_4_response
        words:
          - "postfix-script"
        condition: contains

  - engine:
      - bash
    source: |
      postconf -d 2>/dev/null | grep mail_version || echo "no-mail-version"
    matchers:
      - type: word
        part: code_5_response
        words:
          - "mail_version"
        condition: contains

Github Poc
#projectdiscovery/nuclei-templates:github issues #配置问题
Sendmail and Postfix Version Vulnerability Check
http://example.com/2025/07/31/github_773083092/
作者
lianccc
发布于
2025年7月31日
许可协议