Nmap Development mailing list archives

Re: [NSE] Exploit for CVE-2010-4344 and CVE-2010-4345 - Exim SMTP server
From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 24 Jun 2011 16:47:48 +0100

On Thu, Jun 23, 2011 at 11:07:18AM +0100, Djalal Harouni wrote:
> On Thu, Jun 23, 2011 at 07:43:04AM +0200, Henri Doreau wrote:
>> 2011/6/23 Djalal Harouni <tixxdz () opendz org>:
>>> The script was tested against Ubuntu and Debian. x86 architectures were
>>> exploited successfully. On x86_64 the smtpd child will be killed, but
>>> the script can detect this and report it.
>>
>> I think that this behavior we observed on an x86_64 system is actually
>> due to anti-exploitation mechanisms instead of the CPU architecture.
>> To be confirmed though.
> Yes, from the logs glibc detects that this is an invalid pointer, and
> aborts the munmap operation, glibc includes by default heap protections.
> On x86_64 the size of variables and structures also count.
>
> I'll update that statement to: "can exploit or detect that the smtpd was

I've committed the script as r24320, thx.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
