Nmap Development mailing list archives

Re: [NSE] Exploit for CVE-2010-4344 and CVE-2010-4345 - Exim SMTP server
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 23 Jun 2011 11:07:18 +0100

On Thu, Jun 23, 2011 at 07:43:04AM +0200, Henri Doreau wrote:
> 2011/6/23 Djalal Harouni <tixxdz () opendz org>:
>> The script was tested against Ubuntu and Debian. x86 architectures were
>> exploited successfully. On x86_64 the smtpd child will be killed, but
>> the script can detect this and report it.
>
> I think that this behavior we observed on an x86_64 system is actually
> due to anti-exploitation mechanisms instead of the CPU architecture.
> To be confirmed though.

Yes, from the logs glibc detects that this is an invalid pointer, and
aborts the munmap operation; glibc includes heap protections by default.
On x86_64 the size of variables and structures also counts.

I'll update that statement to: "can exploit or detect that the smtpd was
killed."

> But as you said, this doesn't prevent the script from detecting the
> vulnerability.
>
> Regards.
>
> -- 
> Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
tixxdz
http://opendz.org