Full Disclosure mailing list archives
Re: sendmail exploit
From: Valdis.Kletnieks () vt edu
Date: Tue, 10 May 2005 22:25:32 -0400
On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said:
have ,and nessus show me same 'Critical' vulnerabilities: sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because that's well and truly crufty. 8.8.0 came out 1996/09/26, and 8.8.8 (the last 8.8) was 1997/10/24. If you're really running an 8.8, most likely it isn't working because your canned exploit only has offsets for releases people are actually likely to be running (like 8.11.X and 8.12.(Y<8).) Of course, if you're still running 8.8, there's about 3 zillion OTHER issues you could exploit instead....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- sendmail exploit migalo digalo (May 10)
- Re: sendmail exploit pingywon (May 10)
- Re: sendmail exploit Valdis . Kletnieks (May 10)
- Re: sendmail exploit migalo digalo (May 11)
- Re: sendmail exploit Ralph Angenendt (May 11)
- Re: sendmail exploit Andrew Simmons (May 11)
- Re: sendmail exploit Dave Korn (May 11)
- Re: Re: sendmail exploit Matt Andreko (May 12)
- Re: sendmail exploit migalo digalo (May 11)
- <Possible follow-ups>
- RE: sendmail exploit Lauro, John (May 11)