Re: Major remote root vunerability found in sendmail

From: Steven Procter (stevenat_private)
Date: Mon Mar 03 2003 - 15:02:11 PST

  • Next message: Michael Scheidell: "patch to explain sendmail_ nasl"

    > Fixed. The re is missing a \. after [5-7]
    
    This will still match any 5. 6. or 7. trailing a "Sendmail" in the
    string, such as the following (somewhat modified) suse linux banner:
    
    smtp1.somehost.com ESMTP Sendmail 8.13/SuSE Linux 7.5.0-0.3; Mon, 3 Mar 2003 5:45:18 -0800 (PST)
    
    Can the ".*" after "Sendmail" should be changed to something more
    specific like a pattern that just matches spaces like "[ \t]*".  I
    don't have so much experience looking at sendmail banners that I know
    all of the things that can appear after the Sendmail.  But I think
    that the ".*" after Sendmail is going to make it difficult to keep
    from getting false positives.
    
    --Steven
    



    This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 14:59:13 PST