[Esd-l] Detection rule for sendmail header exploit

Brett Glass brett at lariat.org
Wed Mar 5 11:57:06 PST 2003


So, what's the complete, correct recipe here? 

--Brett

At 08:24 AM 3/5/2003, John D. Hardin wrote:
  
>On Wed, 5 Mar 2003, Mike McCandless wrote:
>
>> Could the line you provided
>> 
>> ^(From|To|CC|Reply-To|Resent-From): .*<>.*<>.*<>.*<>.*<>.*\(.*\)
>> 
>> be added to header checks in the MTA?  I use Postfix, so I could add
>> this to the header regular expression table...and wouldn't have to worry
>> about ever seeing it in procmail...
>
>Yes, that should work.
>
>Note that this may not detect all variants of attacks on this
>vulnerability.
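
An added example, not part of the thread or of any poster's configuration: the rule quoted above applied in Python to constructed header blocks, with folded headers joined first so that a header split across continuation lines is still checked as one string. The function names, the sample headers and the case-insensitive matching are assumptions of this example.

```python
import re

# Rule quoted in the thread, pattern unchanged. IGNORECASE is an assumption
# of this example so that "Cc:" and "CC:" are treated alike.
RULE = re.compile(
    r"^(From|To|CC|Reply-To|Resent-From): .*<>.*<>.*<>.*<>.*<>.*\(.*\)",
    re.IGNORECASE,
)


def unfold(raw_headers):
    """Join folded continuation lines so each logical header is one string."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            # Continuation line: append to the previous header with one space.
            logical[-1] += " " + line.strip()
        elif line:
            logical.append(line)
    return logical


def flagged_headers(raw_headers):
    """Return the names of the headers that the rule matches."""
    hits = []
    for header in unfold(raw_headers):
        m = RULE.match(header)
        if m:
            hits.append(m.group(1))
    return hits


# Constructed sample header blocks (not taken from real traffic).
BENIGN = (
    "From: Alice <alice@example.org> (Alice)\n"
    "To: <> (undisclosed)\n"
    "Cc: bob@example.org\n"
)
FOLDED = (
    "Received: from a.example by b.example\n"
    "From: <><><><>\n"
    "\t<><> (constructed comment)\n"
    "To: user@example.org\n"
)
MIXED_CASE = "Cc: <><><><><> (constructed comment)\n"

if __name__ == "__main__":
    for name, block in (("benign", BENIGN), ("folded", FOLDED), ("mixed", MIXED_CASE)):
        print(name, flagged_headers(block))
```

Matching the physical lines of `FOLDED` one at a time finds nothing, which is why the headers are joined before the rule is applied.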


