nanog mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: Valdis.Kletnieks () vt edu
Date: Sat, 25 Mar 2006 21:09:30 -0500
On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:
There are two exploit code samples I saw. There are two remote exploits for one of them so far that are public that I know of.
There's exploits for the race condition. I was *specifically* talking about the integer overflow, which looks pretty damned hard to exploit unless the victim site deliberately recompiled their sendmail binary with a very sub-optimum configuration. But then, you'd know that if you either actually *looked* at what I wrote, or looked at the diff of the 8.13.[56] trees.
Attachment:
_bin
Description:
Current thread:
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), (continued)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Randy Bush (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Steven M. Bellovin (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Valdis . Kletnieks (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Matt Ghali (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Christopher L. Morrow (Mar 25)
- FUD and exploit code [was: Re: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 25)