Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: sendmail exploit
From: Valdis.Kletnieks () vt edu
Date: Tue, 10 May 2005 22:25:32 -0400

On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said:

have ,and  nessus show me same 'Critical' vulnerabilities:
sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)

Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because
that's well and truly crufty.  8.8.0 came out 1996/09/26, and 8.8.8 (the last
8.8) was 1997/10/24.

If you're really running an 8.8, most likely it isn't working because your
canned exploit only has offsets for releases people are actually likely to be
running (like 8.11.X and 8.12.(Y<8).)

Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you  could exploit instead....

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]