Nmap Development mailing list archives
Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String
From: Henri Doreau <henri.doreau () greenbone net>
Date: Mon, 18 Jul 2011 12:35:36 +0200
2011/7/13 Djalal Harouni <tixxdz () opendz org>:
> The script will cause the Exim child to segfault due to an invalid memory reference, and perhaps with more debugging someone can achieve arbitrary code execution.
Hi Djalal,

this is yet another cool script! I have a suggestion though. As it seems that the exploit can't work against localhost, it would probably make sense to add a check before attempting to crash the child process, in order to avoid reporting false positives when testing a server running on the local machine. In this case we should simply rely on the banner/version detection results, I think. Maybe add a message to describe the situation as well.

Regards.

--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
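The guard Henri describes, written out as an NSE script skeleton. This is an added example for this archive page, not Djalal's script and not code from the Nmap tree. It relies on the documented NSE APIs nmap.list_interfaces(), host.bin_ip / host.bin_ip_src and the port.version table filled in by -sV; the product string "Exim smtpd", the choice of 4.76 as the first fixed release, and the name active_crash_check for the real probe are assumptions and are not taken from the thread.

```lua
-- Added example: localhost guard for an Exim CVE-2011-1764 NSE check.
-- Not Djalal's script. Assumptions: version detection reports the product
-- as "Exim smtpd"; 4.76 is the first fixed release (check the advisory);
-- active_crash_check is the name of the real probe in the script under
-- discussion and is not defined here.
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local string    = require "string"
local math      = require "math"

description = [[
Sketch of the localhost guard: when the target is the scanning machine
itself the crash attempt is skipped, the -sV result alone is used, and
the output says so.
]]

author = "added example"
categories = {"vuln", "intrusive"}

portrule = shortport.port_or_service({25, 465, 587},
                                     {"smtp", "smtps", "submission"})

-- True when the target is this machine: either the source address Nmap
-- chose equals the target address, or the target address is configured
-- on one of the local interfaces.
local function is_local_target(host)
  if host.bin_ip_src and host.bin_ip == host.bin_ip_src then
    return true
  end
  for _, iface in ipairs(nmap.list_interfaces() or {}) do
    if iface.address == host.ip then
      return true
    end
  end
  return false
end

-- Numeric dotted-version comparison: "4.76" >= "4.76" is true,
-- "4.72" >= "4.76" is false, "4.80.1" >= "4.76" is true.
local function version_at_least(v, threshold)
  local a, b = {}, {}
  for n in string.gmatch(v, "%d+") do a[#a + 1] = tonumber(n) end
  for n in string.gmatch(threshold, "%d+") do b[#b + 1] = tonumber(n) end
  for i = 1, math.max(#a, #b) do
    local x, y = a[i] or 0, b[i] or 0
    if x ~= y then return x > y end
  end
  return true
end

local FIXED_IN = "4.76"  -- assumed first fixed release

-- Verdict from banner/version detection alone. Returns nil when -sV gave
-- nothing usable, so the caller reports that instead of guessing.
local function version_verdict(port)
  local v = port.version or {}
  if v.product ~= "Exim smtpd" or not v.version then
    return nil
  end
  if version_at_least(v.version, FIXED_IN) then
    return "Exim " .. v.version .. " is at or above " .. FIXED_IN .. " (fixed)"
  end
  return "Exim " .. v.version .. " is older than " .. FIXED_IN .. ": likely VULNERABLE"
end

action = function(host, port)
  if is_local_target(host) then
    stdnse.debug1("%s is the local machine; not attempting to crash the Exim child",
                  host.ip)
    local verdict = version_verdict(port)
    if not verdict then
      return "Target is the local machine: crash test skipped, and no Exim " ..
             "version available from version detection (run with -sV)."
    end
    return verdict .. " (target is the local machine: crash test skipped, " ..
           "result based on banner/version detection only)"
  end
  -- Remote target: hand over to the real probe (assumed name, see above).
  return active_crash_check(host, port)
end
```

The two helpers are the part worth reusing: is_local_target() answers "am I scanning myself?" using only what Nmap already knows, and version_verdict() is the fallback that produces an explicit, labelled result rather than a silent negative, which is the false-positive case Henri is worried about.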
Current thread:
- [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 12)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 18)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Henri Doreau (Jul 18)
- Re: [NSE] Check for CVE-2011-1764 - Exim DKIM Format String Djalal Harouni (Jul 18)