SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

• Previous message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Next message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:

> There are two exploit code samples I saw. There are two remote exploits 
> for one of them so far that are public that I know of.

There's exploits for the race condition.

I was *specifically* talking about the integer overflow, which looks pretty
damned hard to exploit unless the victim site deliberately recompiled their
sendmail binary with a very sub-optimum configuration.

But then, you'd know that if you either actually *looked* at what I wrote,
or looked at the diff of the 8.13.[56] trees. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060325/08780209/attachment.sig>

• Previous message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Next message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]