North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS,Memory Jumps, Integer Overflow)

  • From: Gadi Evron
  • Date: Sat Mar 25 11:06:36 2006

Steven M. Bellovin wrote:
On Sat, 25 Mar 2006 04:39:11 +0200, Gadi Evron <[email protected]> wrote:


[email protected] wrote:

Well, it *is* mostly a theoretical overflow - for it to work, a site would have to:
Exploit is out there. How long did that take?

Is the exploit actually effective in the wild?  The conditions Valdis
spoke of are improbable -- are there actually vulnerable sites?  Or is
the attack much easier than he had indicated?

There are two exploit code samples I saw. There are two remote exploits for one of them so far that are public that I know of.

I haven't seen any exploited sites yet.