[Snort-users] Question on 663

Jack Pepper pepperjack at ...14319...
Thu Apr 9 12:02:13 EDT 2009


Quoting rmkml <rmkml at ...953...>:

> maybe look:
>  http://www.securityfocus.com/bid/1/exploit

Yeah, that's kind of my point, eh?  bugtraq bid 1 is not an exploit in  
RCPT, it's something completely different involving an exploit in DEBUG.

jp

> On Thu, 9 Apr 2009, Jack Pepper wrote:
>
>> This rule looks for "RCPT TO: ;"
>>
>> The reference to cve,1999-0095 regards sendmail having the "debug"
>> command enabled. Ditto for the bugtraq,1 reference.  And arachnids has
>> been dead for at least 5 years.
>>
>> Anybody know why this rule exists?  What is the exploitation of RCPT TO ?
>>
>> jp
>>
>>
>>
>>
>>
>> -- 
>>
>> Framework?  I don't need no stinking framework!
>>
>> ----------------------------------------------------------------
>> @fferent Security Labs:  Isolate/Insulate/Innovate
>> http://www.afferentsecurity.com
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by:
>> High Quality Requirements in a Collaborative Environment.
>> Download a free trial of Rational Requirements Composer Now!
>> http://p.sf.net/sfu/www-ibm-com
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>



-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com





More information about the Snort-users mailing list