[89554] in North American Network Operators' Group
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS,
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Mar 25 11:05:36 2006
Date: Sat, 25 Mar 2006 18:00:41 +0200
From: Gadi Evron <ge@linuxbox.org>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: Valdis.Kletnieks@vt.edu, nanog@merit.edu
In-Reply-To: <20060325005731.8d4d5414.smb@cs.columbia.edu>
Errors-To: owner-nanog@merit.edu
Steven M. Bellovin wrote:
> On Sat, 25 Mar 2006 04:39:11 +0200, Gadi Evron <ge@linuxbox.org> wrote:
>
>
>>Valdis.Kletnieks@vt.edu wrote:
>>
>>>Well, it *is* mostly a theoretical overflow - for it to work, a site would have to:
>>
>>Exploit is out there. How long did that take?
>>
>
> Is the exploit actually effective in the wild? The conditions Valdis
> spoke of are improbable -- are there actually vulnerable sites? Or is
> the attack much easier than he had indicated?
>
There are two exploit code samples I saw. There are two remote exploits
for one of them so far that are public that I know of.
I haven't seen any exploited sites yet.
