SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

Valdis.Kletnieks at Valdis.Kletnieks at
Sun Mar 26 02:09:30 UTC 2006

On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:

> There are two exploit code samples I saw. There are two remote exploits 
> for one of them so far that are public that I know of.

There's exploits for the race condition.

I was *specifically* talking about the integer overflow, which looks pretty
damned hard to exploit unless the victim site deliberately recompiled their
sendmail binary with a very sub-optimum configuration.

But then, you'd know that if you either actually *looked* at what I wrote,
or looked at the diff of the 8.13.[56] trees. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list