Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
May
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#16514 - 03/24/03 10:40 AM New Sendmail Vulnerability
Joined: Feb 2003
Posts: 4
prioris Offline
Junior Member
prioris Offline
Junior Member

Joined: Feb 2003
Posts: 4
europe
Anyone see the sendmail exploit supposedly published by L.S.D.?, goes after a bug in the parsing of the e-mail addresses.


beta test, v:
To voluntarily entrust one's data, one's livelihood and one's sanity to hardware or software intended to destroy all three. In earlier days, virgins were often selected to beta test volcanos.
Top
Sponsored Links
#16515 - 03/24/03 02:27 PM Re: New Sendmail Vulnerability
Joined: Mar 2002
Posts: 1,041
Infinite Offline
UGN Elite Poster
Infinite Offline
UGN Elite Poster

Joined: Mar 2002
Posts: 1,041
Canada eh
Yeah, I saw that. It's at least two weeks old now, but I would imagine that there is still a hell of a lot of systems out there that are vulnerable.

Infinite

Top
#16516 - 03/25/03 12:05 AM Re: New Sendmail Vulnerability
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
sinetific Offline
nobody

Joined: Mar 2002
Posts: 815
Ann Arbor
Actually when they released the initial vulnerability info, they also stated their research wasnt concluded. At that point they had only tested it on a few systems(actually i think only one). About a week later they issued this statement:

"We have inspected this issue a bit more, and found out that on most Unix systems
the buf buffer is not followed by such data. We base this conclusion upon the
simple fact that we didn't manage to crash sendmail by feeding it with 250
sequences of <> chars in the from address string. This means that this issue does
not seam to be exploitable on them. The following table presents a summary of
our findings:

Freebsd 4.4 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 x86 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 sparc - (default & self compiled Sendmail 8.11.6) does not crash
HP-UX 10.20 - (self compiled Sendmail 8.11.6) does not crash
IRIX 6.5.14 - (self compiled Sendmail 8.11.6) does not crash
AIX 4.3 - (binary of Sendmail 8.11.3 from bull.de) does not crash
RedHat 7.0 - (default Sendmail 8.11.0) does not crash
RedHat 7.2 - (default Sendmail 8.11.6) does not crash
RedHat 7.3 (p) - (patched Sendmail 8.11.6) does not crash
RedHat 7.0 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.2 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.3 - (self compiled Sendmail 8.11.6) crashes
Slackware 8.0 (p) - (patched Sendmail 8.11.6 binary) crashes
Slackware 8.0 - (self compiled Sendmail 8.12.7) does not crash
RedHat 7.x - (self compiled Sendmail 8.12.7) does not crash"


You can read there full finding on the vulnerability here:

http://lwn.net/Articles/24292/

Other people have written exploits for this vulnerability but not as many systems as you think are vulnerable.

Top
#16517 - 03/26/03 10:34 AM Re: New Sendmail Vulnerability
Joined: Feb 2003
Posts: 4
prioris Offline
Junior Member
prioris Offline
Junior Member

Joined: Feb 2003
Posts: 4
europe
I don't think the fact that they haven't managed to crash the above systems can be interpeted as a the hole being a pointless vulnerability. Needless to say its very difficult to remotely crash a system using this hole but a local user may have more luck ;-> , anyone see the new win 2k IIS exploit?, released by Rafael Nunez, formally of 'RaFa'. Take a step back and bow


beta test, v:
To voluntarily entrust one's data, one's livelihood and one's sanity to hardware or software intended to destroy all three. In earlier days, virgins were often selected to beta test volcanos.
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics45,531
Posts80,699
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 38,695
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 3 guests and 1 spider.
Latest News