[89567] in North American Network Operators' Group


Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Mar 25 21:10:11 2006

To: Gadi Evron <ge@linuxbox.org>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>, nanog@merit.edu
In-Reply-To: Your message of "Sat, 25 Mar 2006 18:00:41 +0200."
             <44256929.7040708@linuxbox.org> 
From: Valdis.Kletnieks@vt.edu
Date: Sat, 25 Mar 2006 21:09:30 -0500
Errors-To: owner-nanog@merit.edu


On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:

> There are two exploit code samples I saw. There are two remote exploits 
> for one of them so far that are public that I know of.

There's exploits for the race condition.

I was *specifically* talking about the integer overflow, which looks pretty
damned hard to exploit unless the victim site deliberately recompiled their
sendmail binary with a very sub-optimum configuration.

But then, you'd know that if you either actually *looked* at what I wrote,
or looked at the diff of the 8.13.[56] trees. 
