Previous Thread
Next Thread
Print Thread
Rate Thread
#16514 03/24/03 03:40 AM
Joined: Feb 2003
Posts: 4
P
Junior Member
Junior Member
P Offline
Joined: Feb 2003
Posts: 4
Anyone see the sendmail exploit supposedly published by L.S.D.?, goes after a bug in the parsing of the e-mail addresses.

Sponsored Links
▼ Sponsored Links ▼ ▲ Sponsored Links ▲
Joined: Mar 2002
Posts: 1,041
I
UGN Elite Poster
UGN Elite Poster
I Offline
Joined: Mar 2002
Posts: 1,041
Yeah, I saw that. It's at least two weeks old now, but I would imagine that there is still a hell of a lot of systems out there that are vulnerable.

Infinite

Joined: Mar 2002
Posts: 815
S
nobody
nobody
S Offline
Joined: Mar 2002
Posts: 815
Actually when they released the initial vulnerability info, they also stated their research wasnt concluded. At that point they had only tested it on a few systems(actually i think only one). About a week later they issued this statement:

"We have inspected this issue a bit more, and found out that on most Unix systems
the buf buffer is not followed by such data. We base this conclusion upon the
simple fact that we didn't manage to crash sendmail by feeding it with 250
sequences of <> chars in the from address string. This means that this issue does
not seam to be exploitable on them. The following table presents a summary of
our findings:

Freebsd 4.4 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 x86 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 sparc - (default & self compiled Sendmail 8.11.6) does not crash
HP-UX 10.20 - (self compiled Sendmail 8.11.6) does not crash
IRIX 6.5.14 - (self compiled Sendmail 8.11.6) does not crash
AIX 4.3 - (binary of Sendmail 8.11.3 from bull.de) does not crash
RedHat 7.0 - (default Sendmail 8.11.0) does not crash
RedHat 7.2 - (default Sendmail 8.11.6) does not crash
RedHat 7.3 (p) - (patched Sendmail 8.11.6) does not crash
RedHat 7.0 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.2 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.3 - (self compiled Sendmail 8.11.6) crashes
Slackware 8.0 (p) - (patched Sendmail 8.11.6 binary) crashes
Slackware 8.0 - (self compiled Sendmail 8.12.7) does not crash
RedHat 7.x - (self compiled Sendmail 8.12.7) does not crash"


You can read there full finding on the vulnerability here:

http://lwn.net/Articles/24292/

Other people have written exploits for this vulnerability but not as many systems as you think are vulnerable.

Joined: Feb 2003
Posts: 4
P
Junior Member
Junior Member
P Offline
Joined: Feb 2003
Posts: 4
I don't think the fact that they haven't managed to crash the above systems can be interpeted as a the hole being a pointless vulnerability. Needless to say its very difficult to remotely crash a system using this hole but a local user may have more luck ;-> , anyone see the new win 2k IIS exploit?, released by Rafael Nunez, formally of 'RaFa'. Take a step back and bow smile


Link Copied to Clipboard
Member Spotlight
None yet
Forum Statistics
Forums41
Topics33,840
Posts68,858
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Crime 1
Ice 1
Dartur 1
Cyrez 1
Powered by UBB.threads™ PHP Forum Software 8.0.0