[Snort-users] Question on 663

rmkml rmkml at ...953...
Thu Apr 9 12:43:42 EDT 2009


on bid1 discuss:
"Sendmail's debug mode allows the recipient of an email message to be a 
program that runs with the privileges of the user id which sendmail is 
running under."
Regards
Rmkml
Crusoe-Researches.com


On Thu, 9 Apr 2009, Jack Pepper wrote:

> Quoting rmkml <rmkml at ...953...>:
>
>> maybe look:
>> http://www.securityfocus.com/bid/1/exploit
>
> Yeah, that's kind of my point, eh?  bugtraq bid 1 is not an exploit in RCPT, 
> it's something completely different involving an exploit in DEBUG.
>
> jp
>
>> On Thu, 9 Apr 2009, Jack Pepper wrote:
>> 
>>> This rule looks for "RCPT TO: ;"
>>> 
>>> The reference to cve,1999-0095 regards sendmail having the "debug"
>>> command enabled. Ditto for the bugtraq,1 reference.  And arachnids has
>>> been dead for at least 5 years.
>>> 
>>> Anybody know why this rule exists?  What is the exploitation of RCPT TO ?
>>> 
>>> jp
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> 
>>> Framework?  I don't need no stinking framework!
>>> 
>>> ----------------------------------------------------------------
>>> @fferent Security Labs:  Isolate/Insulate/Innovate
>>> http://www.afferentsecurity.com
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by:
>>> High Quality Requirements in a Collaborative Environment.
>>> Download a free trial of Rational Requirements Composer Now!
>>> http://p.sf.net/sfu/www-ibm-com
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>
>
>
> -- 
>
> Framework?  I don't need no stinking framework!
>
> ----------------------------------------------------------------
> @fferent Security Labs:  Isolate/Insulate/Innovate 
> http://www.afferentsecurity.com
>




More information about the Snort-users mailing list