mailing list archives
Re: sendmail exploit
From: Valdis.Kletnieks () vt edu
Date: Tue, 10 May 2005 22:25:32 -0400
On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said:
have ,and nessus show me same 'Critical' vulnerabilities:
sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because
that's well and truly crufty. 8.8.0 came out 1996/09/26, and 8.8.8 (the last
8.8) was 1997/10/24.
If you're really running an 8.8, most likely it isn't working because your
canned exploit only has offsets for releases people are actually likely to be
running (like 8.11.X and 8.12.(Y<8).)
Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you could exploit instead....
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/