nanog mailing list archives

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

From: Valdis.Kletnieks () vt edu
Date: Sat, 25 Mar 2006 21:09:30 -0500

On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:

There are two exploit code samples I saw. There are two remote exploits 
for one of them so far that are public that I know of.


There's exploits for the race condition.

I was *specifically* talking about the integer overflow, which looks pretty
damned hard to exploit unless the victim site deliberately recompiled their
sendmail binary with a very sub-optimum configuration.

But then, you'd know that if you either actually *looked* at what I wrote,
or looked at the diff of the 8.13.[56] trees.

Attachment: _bin
Description:

Current thread:

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), (continued)
- - - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Jeroen Massar (Mar 25)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Randy Bush (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 27)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Steven M. Bellovin (Mar 24)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Valdis . Kletnieks (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Valdis . Kletnieks (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Steven M. Bellovin (Mar 23)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Brandon Butterworth (Mar 25)
  - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Matt Ghali (Mar 25)
    - Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Christopher L. Morrow (Mar 25)
    - FUD and exploit code [was: Re: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 25)

(Thread continues...)