[Esd-l] RE: Detection rule for sendmail header exploit
mike at ascendency.net
Mon Mar 10 13:12:39 PST 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Monday, March 10, 2003 8:42 AM John D. Hardin <mailto:jhardin at impsec.org> wrote:
> On Mon, 10 Mar 2003, Mike Loiterman wrote:
>> Where are you keeping the most up to date version of this rule?
>> I can't seem to find it. The one on the site is dated 3/5/03.
>> Is this the most recent?
> The sample local-rules file.
> The development snapshot is at:
> All of the mirrors should have these files as well.
Actually, I was referring to your comment in one of the last digests. This doesn't seem to be incorporated in the file from 3/5/03:
> Another point to note is that the RE should begin with the
> following in order to trap all headers for which sendmail is
> * ^((resent-)?(sender|from|(reply-)?to|cc|bcc)\
Thanks! I've incorporated that.
Is this an additional part to the sendmail exploit rule, or is this for something else?
Randomly Generated Quote:
Cats must play the game 'tiger attack'
when Mom is weeding the garden.
PGP Key 0xD1B9D18E
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: This message has been digitally signed by Mike Loiterman
-----END PGP SIGNATURE-----