Nmap Development mailing list archives
Re: [NSE] Exploit for CVE-2010-4344 and CVE-2010-4345 - Exim SMTP server
From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 24 Jun 2011 16:47:48 +0100
On Thu, Jun 23, 2011 at 11:07:18AM +0100, Djalal Harouni wrote:
> On Thu, Jun 23, 2011 at 07:43:04AM +0200, Henri Doreau wrote:
> > 2011/6/23 Djalal Harouni <tixxdz () opendz org>:
> > > The script was tested against Ubuntu and Debian. x86 architectures
> > > were exploited successfully. On x86_64 the smtpd child will be
> > > killed, but the script can detect this and report it.
> >
> > I think that this behavior we observed on an x86_64 system is actually
> > due to anti-exploitation mechanisms instead of the CPU architecture.
> > To be confirmed though.
>
> Yes, from the logs glibc detects that this is an invalid pointer, and
> aborts the munmap operation; glibc includes by default heap protections.
> On x86_64 the size of variables and structures also counts. I'll update
> that statement to: "can exploit or detect that the smtpd was killed."

I've committed the script as r24320, thx.

--
tixxdz
http://opendz.org