Bugtraq mailing list archives
Re: [LSD] Technical analysis of the remote sendmail vulnerability
From: Eric Allman <eric+bugtraq () sendmail org>
Date: Tue, 04 Mar 2003 09:29:02 -0800
I want to emphasize one of the last sentences in this posting: ``However, we cannot exclude that there does not exist another execution path in the sendmail code, that could lead to the program counter overwrite.'' Please don't breath a sigh of relief because you are running on one of the "does not crash" systems. Besides direct execution path exploits, there are other variables that are not pointers that have security implications; finding one of them within range will be more difficult, but probably not impossible. Everyone should patch as soon as possible, regardless of platform. eric
Current thread:
- [LSD] Technical analysis of the remote sendmail vulnerability Last Stage of Delirium (Mar 04)
- Re: [LSD] Technical analysis of the remote sendmail vulnerability Eric Allman (Mar 04)