Re: Major remote root vunerability found in sendmail

From: Steven Procter (stevenat_private)
Date: Mon Mar 03 2003 - 15:02:11 PST

Next message: Michael Scheidell: "patch to explain sendmail_ nasl"

Previous message: Discini, Sonny: "RE: Feature Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Fixed. The re is missing a \. after [5-7]

This will still match any 5. 6. or 7. trailing a "Sendmail" in the
string, such as the following (somewhat modified) suse linux banner:

smtp1.somehost.com ESMTP Sendmail 8.13/SuSE Linux 7.5.0-0.3; Mon, 3 Mar 2003 5:45:18 -0800 (PST)

Can the ".*" after "Sendmail" should be changed to something more
specific like a pattern that just matches spaces like "[ \t]*".  I
don't have so much experience looking at sendmail banners that I know
all of the things that can appear after the Sendmail.  But I think
that the ".*" after Sendmail is going to make it difficult to keep
from getting false positives.

--Steven

Next message: Michael Scheidell: "patch to explain sendmail_ nasl"
Previous message: Discini, Sonny: "RE: Feature Request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 14:59:13 PST