SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
Valdis.Kletnieks at vt.edu
Sun Mar 26 02:09:30 UTC 2006
On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:
> There are two exploit code samples I saw. There are two remote exploits
> for one of them so far that are public that I know of.
There's exploits for the race condition.
I was *specifically* talking about the integer overflow, which looks pretty
damned hard to exploit unless the victim site deliberately recompiled their
sendmail binary with a very sub-optimum configuration.
But then, you'd know that if you either actually *looked* at what I wrote,
or looked at the diff of the 8.13.[56] trees.