Snort mailing list archives
Re: Question on 663
From: rmkml <rmkml () free fr>
Date: Thu, 9 Apr 2009 18:43:42 +0200 (CEST)
on bid1 discuss:
"Sendmail's debug mode allows the recipient of an email message to be a program that runs with the privileges of the user id which sendmail is running under."

Regards
Rmkml
Crusoe-Researches.com

On Thu, 9 Apr 2009, Jack Pepper wrote:

> Quoting rmkml <rmkml () free fr>:
>
>> maybe look: http://www.securityfocus.com/bid/1/exploit
>
> Yeah, that's kind of my point, eh? bugtraq bid 1 is not an exploit in RCPT, it's something completely different involving an exploit in DEBUG.
>
> jp
>
>> On Thu, 9 Apr 2009, Jack Pepper wrote:
>>
>>> This rule looks for "RCPT TO: ;"
>>>
>>> The reference to cve,1999-0095 regards sendmail having the "debug" command enabled. Ditto for the bugtraq,1 reference. And arachnids has been dead for at least 5 years.
>>>
>>> Anybody know why this rule exists? What is the exploitation of RCPT TO ?
>>>
>>> jp
>>>
>>> --
>>> Framework? I don't need no stinking framework!
>>> ----------------------------------------------------------------
>>> @fferent Security Labs: Isolate/Insulate/Innovate
>>> http://www.afferentsecurity.com
------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users