nanog mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 25 Mar 2006 18:00:41 +0200
Steven M. Bellovin wrote:
On Sat, 25 Mar 2006 04:39:11 +0200, Gadi Evron <ge () linuxbox org> wrote:Valdis.Kletnieks () vt edu wrote:Well, it *is* mostly a theoretical overflow - for it to work, a site would have to:Exploit is out there. How long did that take?Is the exploit actually effective in the wild? The conditions Valdis spoke of are improbable -- are there actually vulnerable sites? Or is the attack much easier than he had indicated?
There are two exploit code samples I saw. There are two remote exploits for one of them so far that are public that I know of.
I haven't seen any exploited sites yet.
Current thread:
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), (continued)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Randy Bush (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Alain Hebert (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael . Dillon (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Steven M. Bellovin (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Valdis . Kletnieks (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Matt Ghali (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Christopher L. Morrow (Mar 25)