Full Disclosure mailing list archives

Re: Re: sendmail exploit

From: Matt Andreko <mandreko () ori net>
Date: Thu, 12 May 2005 13:34:54 -0500

Not to sound like a smartass, but there are such things as blindpen-tests...




Dave Korn wrote:

----Original Message----

From: migalo digalo
Message-Id: 433ee3d9050510145060008332 () mail gmail com

hi all;

this my first post in this mailing list;so please ...

i am doing same pen-tests ,to apply the bit of theorical knowledge i
have ,and  nessus show me same 'Critical' vulnerabilities:
sendmail 8.8




----Original Message----

From: migalo digalo
Message-Id: 433ee3d9050511042222a87a5b () mail gmail com

i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that




  So can we conclude that the reason why you don't actually know if it's a
honeypot or not because it is not your system and you're actually trying to
break in to it, not "pen-test" it?


    cheers,
      DaveK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

sendmail exploit migalo digalo (May 10)
- Re: sendmail exploit pingywon (May 10)
- Re: sendmail exploit Valdis . Kletnieks (May 10)
  - Re: sendmail exploit migalo digalo (May 11)
    - Re: sendmail exploit Ralph Angenendt (May 11)
    - Re: sendmail exploit Andrew Simmons (May 11)
    - Re: sendmail exploit Dave Korn (May 11)
    - Re: Re: sendmail exploit Matt Andreko (May 12)
- <Possible follow-ups>
- RE: sendmail exploit Lauro, John (May 11)