[Snort-users] Question on 663

Jack Pepper pepperjack at ...14319...
Thu Apr 9 11:13:38 EDT 2009


This rule looks for "RCPT TO: ;"

The reference to cve,1999-0095 regards sendmail having the "debug"  
command enabled. Ditto for the bugtraq,1 reference.  And arachnids has  
been dead for at least 5 years.

Anybody know why this rule exists?  What is the exploitation of RCPT TO ?

jp





-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com





More information about the Snort-users mailing list