just a heads up: I don't know if there is a problem with SA milter, but
there is a snort signature for it now.
-------- Original Message --------
Subject: [Emerging-Sigs] SIG: SpamAssassin Milter Plugin Remote
Arbitrary Command Injection Attempt
Date: Mon, 8 Mar 2010 13:03:52 +0000
From: Kevin Ross <kevros...@googlemail.com>
To: emerging-s...@emergingthreats.net
<emerging-s...@emergingthreats.net>, Matt Jonkman <jonk...@jonkmans.com>
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET EXPLOIT Possible
SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt";
flow:established,to_server; content:"to|3A|"; nocase;
content:"root+|3A|\"|7C|"; nocase; within:15; classtype:attempted-user;
reference:url,www.securityfocus.com/bid/38578
<http://www.securityfocus.com/bid/38578>;
reference:url,seclists.org/fulldisclosure/2010/Mar/140
<http://seclists.org/fulldisclosure/2010/Mar/140>; sid:1324412; rev:1;)
Kev
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
Emerging-sigs mailing list
emerging-s...@emergingthreats.net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
