> That work work for all of them, one of our guys is working on a nice > regex for them now, will post when its done. Below are some of the > banners we have run into before. Catching HD just as he gets out of bed causes him to think 'work work work' but I think he meant 'won\'t work' So.. We came up with: .*Sendmail.*(Switch\-((1\.)|(2\.(0\.|1\.[0-4])))|(\/|UCB | )([5-7]|8\.([0-9](\.|;|$)|1[01]\.|12\.[0-7](\/| |\.|\+)))).* It is ugly, but This will match all AIX versions, beta versions, as well as Sendmail Switch vulnerable 2.x versions. Further, it will not match things like 'sendmail 55.8.7'. We need to go through all the sendmail plugins doing banner reads and edit their regex a bit to match more accurately. I'll try and do that this week. -- Erik Parker, CISSP Digital Defense, Inc. 1711 Citadel Plaza San Antonio, Texas 78209 210.822.2645
This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 11:55:42 PST