Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CA-2003-12

Are there any signatures available for this. From looking at the advisory it would seem searching for anything between \x80-\xff in the to header might suffice.

3 REPLIES
Silver

Re: CA-2003-12

Are you looking for a signature for something in particular or is it the send mail buffer overflow vulnerability that you are referring to? If so, refer to the CERT Advisory http://www.cert.org/advisories/CA-2003-12.html

I guess the signatures for these are available in the IDS systems. I don't have the details though.

Bronze

Re: CA-2003-12

From the details of the exploit, this problem is addressed by signature 3115 subsigs 0-2. These are looking for a non-printable character [\x80-\xFF] in the To, From, and CC fields of an email message header. We really only need to identify the \xFF character, but we get the coverage in with the range. Signature 3115 was originally written to cover the other Sendmail exploit in CERT CA-2003-07.

New Member

Re: CA-2003-12

Does anyone else have huge numbers of false +ve's from these four subsigs? I see tons...

119
Views
0
Helpful
3
Replies
CreatePlease to create content