[Esd-l] RE: Detection rule for sendmail header exploit
Mike Loiterman
mike at ascendency.net
Mon Mar 10 13:12:39 PST 2003
On Monday, March 10, 2003 8:42 AM John D. Hardin <mailto:jhardin at impsec.org> wrote:
> On Mon, 10 Mar 2003, Mike Loiterman wrote:
>
>> Where are you keeping the most up-to-date version of this rule?
>> I can't seem to find it. The one on the site is dated 3/5/03.
>> Is this the most recent?
>
> The sample local-rules file.
>
> http://www.impsec.org/email-tools/local-rules.procmal
>
> The development snapshot is at:
>
> http://www.impsec.org/email-tools/development/html-trap.procmail
>
> All of the mirrors should have these files as well.
Hrm...
Actually, I was referring to your comment in one of the last digests. This doesn't seem to be incorporated in the file from 3/5/03:
> Another point to note is that the RE should begin with the
> following in order to trap all headers for which sendmail is
> vulnerable:
>
> * ^((resent-)?(sender|from|(reply-)?to|cc|bcc)\
> |(errors|disposition-notification|apparently)-to):
Thanks! I've incorporated that.
Is this an additional part to the sendmail exploit rule, or is this for something else?
-------------------------------------------
Randomly Generated Quote:
Cats must play the game 'tiger attack'
when Mom is weeding the garden.
Mike Loiterman
PGP Key 0xD1B9D18E
http://www.ascendency.net
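Added example, not part of the original message or of the sanitizer's own code: the condition prefix quoted above, ported to a Python regex and run over a constructed header block to show which fields a rule starting with it would inspect. It assumes procmail's default case-insensitive matching and joins folded header lines before matching; the function names and sample addresses are made up for illustration.

```python
import re

# The quoted condition with the procmail "\" line continuation joined.
# procmail matches case-insensitively unless told otherwise, hence IGNORECASE.
ADDRESS_HEADER_RE = re.compile(
    r"^((resent-)?(sender|from|(reply-)?to|cc|bcc)"
    r"|(errors|disposition-notification|apparently)-to):",
    re.IGNORECASE,
)

def unfold_headers(raw):
    """Split a raw message into logical header fields, joining folded lines."""
    fields = []
    for line in raw.splitlines():
        if not line:
            break  # blank line ends the header block; the body is ignored
        if line[0] in " \t" and fields:
            fields[-1] += " " + line.strip()  # continuation of previous field
        else:
            fields.append(line)
    return fields

def covered_fields(raw):
    """Return the header fields whose names the quoted prefix selects."""
    return [f for f in unfold_headers(raw) if ADDRESS_HEADER_RE.match(f)]

# Constructed sample message (not taken from the thread).
SAMPLE = (
    "From sender@example.org Mon Mar 10 13:12:39 2003\n"  # mbox line, no colon
    "Return-Path: <sender@example.org>\n"
    "FROM: Sender <sender@example.org>\n"
    "To: a@example.net,\n"
    "\tb@example.net\n"
    "Resent-Reply-To: c@example.net\n"
    "Disposition-Notification-To: d@example.net\n"
    "X-Original-To: e@example.net\n"
    "Subject: cc: is not a header name here\n"
    "\n"
    "To: this is a body line\n"
)

if __name__ == "__main__":
    for field in covered_fields(SAMPLE):
        print(field)
```

The anchored `^` keeps `X-Original-To:` and the `cc:` inside the Subject text out of scope, and the mbox `From ` line is skipped because the pattern requires the colon directly after the field name.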