Nmap Development mailing list archives

Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String


From: Henri Doreau <henri.doreau () greenbone net>
Date: Mon, 18 Jul 2011 12:35:36 +0200

2011/7/13 Djalal Harouni <tixxdz () opendz org>:
> The script will cause the Exim child to segfault due to an invalid memory
> reference, and perhaps with more debugging someone can achieve arbitrary
> code execution.

Hi Djalal,

This is yet another cool script! I have a suggestion though. As it
seems that the exploit can't work against localhost, it would
probably make sense to add a check before attempting to crash the
child process, in order to avoid reporting false positives when testing
a server running on the local machine. In this case we should simply
rely on the banner/version detection results, I think. Maybe add a
message to describe the situation as well.

Regards.

-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
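One way to implement the gating Henri suggests, as an added example and not code from Djalal's NSE script or from Nmap: decide, before any active test, whether the target is the scanning host itself (loopback or one of the scanner's own addresses), and in that case report a banner-only result with an explanatory message instead of trying to crash the Exim child. The sample banners and the scanner's address list are constructed here; in a real NSE script they would come from the SMTP greeting and the host table. The first fixed version is an assumption too, since the thread gives no version numbers.

```python
import ipaddress
import re

# Constructed sample SMTP greetings (not captured from real servers).
SAMPLE_BANNERS = {
    "old": "220 mail.example.test ESMTP Exim 4.72 Wed, 13 Jul 2011 10:00:00 +0200",
    "new": "220 mail.example.test ESMTP Exim 4.76 Wed, 13 Jul 2011 10:00:00 +0200",
    "other": "220 mail.example.test ESMTP Postfix",
}

# Addresses the scanning host is assumed to own. In NSE this would be derived
# from the host table (e.g. the source address used for the scan); here it is
# a constructed list so the example runs offline.
SCANNER_ADDRS = ["192.0.2.10", "fe80::1"]

# ASSUMPTION: first Exim release without the DKIM format string bug. The
# thread does not state version numbers; take this from the advisory you trust.
FIRST_FIXED = (4, 76, 0)

EXIM_BANNER_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_exim_version(banner):
    """Return (major, minor, patch) from an Exim greeting, or None if the
    banner does not advertise Exim at all."""
    m = EXIM_BANNER_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_local_target(target_ip, scanner_addrs=SCANNER_ADDRS):
    """True when the target is a loopback address (127.0.0.0/8 or ::1) or one
    of the addresses the scanner itself owns, i.e. the case where the crash
    check cannot work and would only produce a false positive."""
    ip = ipaddress.ip_address(target_ip)
    if ip.is_loopback:
        return True
    return any(ip == ipaddress.ip_address(a) for a in scanner_addrs)


def plan_check(target_ip, banner, scanner_addrs=SCANNER_ADDRS,
               first_fixed=FIRST_FIXED):
    """Decide how the script should proceed for this target.

    mode == "active":       remote target, safe to attempt the crash check.
    mode == "version-only": the target is the scanning host, so only the
                            banner is used and the message says so.
    """
    version = parse_exim_version(banner)
    if not is_local_target(target_ip, scanner_addrs):
        return {
            "mode": "active",
            "vulnerable": None,  # unknown until the active check has run
            "message": "Remote target; proceeding with the active check.",
        }
    if version is None:
        return {
            "mode": "version-only",
            "vulnerable": None,
            "message": ("Target %s is the scanning host; the crash check cannot "
                        "work against localhost and the banner does not "
                        "advertise an Exim version, so no conclusion is drawn."
                        % target_ip),
        }
    vulnerable = version < first_fixed
    return {
        "mode": "version-only",
        "vulnerable": vulnerable,
        "message": ("Target %s is the scanning host; the crash check cannot "
                    "work against localhost, so this result is based on the "
                    "banner only: Exim %d.%d.%d is %s %d.%d."
                    % ((target_ip,) + version
                       + ("older than" if vulnerable else "not older than",)
                       + first_fixed[:2])),
    }


if __name__ == "__main__":
    for ip in ("127.0.0.1", "::1", "192.0.2.10", "198.51.100.7"):
        for name, banner in SAMPLE_BANNERS.items():
            r = plan_check(ip, banner)
            print(ip, name, r["mode"], r["vulnerable"])
            print("   ", r["message"])
```

Version tuples compare element-wise, so "4.72" parses to (4, 72, 0) and sorts below (4, 76, 0) while "4.76" does not; a banner with no Exim string yields a version-only result with no verdict rather than a false positive.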