Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

[Gadi Evron <ge () linuxbox org>]

Steven M. Bellovin wrote:
> On Sat, 25 Mar 2006 04:39:11 +0200, Gadi Evron <ge () linuxbox org> wrote:
>
>
> > Valdis.Kletnieks () vt edu wrote:
> >
> > > Well, it *is* mostly a theoretical overflow - for it to work, a site would have to:
> >
> > Exploit is out there. How long did that take?
>
> Is the exploit actually effective in the wild?  The conditions Valdis
> spoke of are improbable -- are there actually vulnerable sites?  Or is
> the attack much easier than he had indicated?

There are two exploit code samples I saw. There are two remote exploits 
for one of them so far that are public that I know of.

I haven't seen any exploited sites yet.