Bugtraq: Re: [LSD] Technical analysis of the remote sendmail vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [LSD] Technical analysis of the remote sendmail vulnerability

From: Eric Allman <eric+bugtraq () sendmail org>
Date: Tue, 04 Mar 2003 09:29:02 -0800

I want to emphasize one of the last sentences in this posting:
``However, we cannot exclude that there does not exist another
execution path in the sendmail code, that could lead to the program
counter overwrite.''  Please don't breath a sigh of relief because
you are running on one of the "does not crash" systems.

Besides direct execution path exploits, there are other variables
that are not pointers that have security implications; finding one of
them within range will be more difficult, but probably not impossible.

Everyone should patch as soon as possible, regardless of platform.

eric

By Date By Thread

Current thread:

[LSD] Technical analysis of the remote sendmail vulnerability Last Stage of Delirium (Mar 04)
- Re: [LSD] Technical analysis of the remote sendmail vulnerability Eric Allman (Mar 04)