Re: Major remote root vunerability found in sendmail

From: Renaud Deraison (deraisonat_private)
Date: Mon Mar 03 2003 - 13:07:43 PST

Next message: Erik Parker: "Re: Major remote root vunerability found in sendmail"

Previous message: Erik Parker: "Re: Major remote root vunerability found in sendmail"
In reply to: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Next in thread: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Reply: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 03, 2003 at 02:58:55PM -0600, Erik Parker wrote:
> > > So.. We came up with:
> > > 
> > > .*Sendmail.*(Switch\-((1\.)|(2\.(0\.|1\.[0-4])))|(\/|UCB | )([5-7]|8\.([0-9](\.|;|$)|1[01]\.|12\.[0-7](\/| |\.|\+)))).*
> > > 
> > 
> > Would not it be better to have done multiple regexes ? I'll include
> > Michael's original regex in addition to yours for a short, just in
> > case...
> 
> His would cause false positives though..
> 
> I could split this regex up, it just seemed appropriate to toss them all 
> in one.

At this time, given the vulnerability, I'm ok with that. I'll probably
remove Michael's expression later on, but right now, your regexp is a
bit hard to swallow so I'm in extra-paranoid/doubtful mode.

(I'm not critcizing your regexp but rather my inability to grasp it just
at the moment :)


				-- Renaud

Next message: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Previous message: Erik Parker: "Re: Major remote root vunerability found in sendmail"
In reply to: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Next in thread: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Reply: Erik Parker: "Re: Major remote root vunerability found in sendmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 13:06:48 PST