酷!學園

技術討論區 => 系統安全討論版 => 主題作者是: abelyang 於 2003-07-01 13:54

主題: Sendmail Advisory
作者: abelyang2003-07-01 13:54
sendmail 的 問題
http://www.cert.org/advisories/CA-2003-12.html

sendmail 的 exploit code
http://www.securityfocus.com/bid/6991/exploit/

奇怪, 我怎麼沒收到 CERT/CC 的 Advirsory.....
是收到 Snort 的 Rule Update 通知才知道這件事...

snort 的 rule
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP Content-Transfer-Encoding overflow attempt"; flow:to_server,established; content:"Content-Transfer-Encoding\:"; byte_test:1,<,256,100,relative; content:!"|0a|"; within:100; reference:cve,CAN-2003-0161; reference:url,www.cert.org/advisories/CA-2003-12.html; classtype:attempted-admin; sid:2183; rev:1;)

注意哦 ~~是 gain root 哦