| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200505110225.j4B2Pbia006950@turing-police.cc.vt.edu> Date: Wed May 11 03:26:01 2005 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: sendmail exploit On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said: > have ,and nessus show me same 'Critical' vulnerabilities: > sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950) Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because that's well and truly crufty. 8.8.0 came out 1996/09/26, and 8.8.8 (the last 8.8) was 1997/10/24. If you're really running an 8.8, most likely it isn't working because your canned exploit only has offsets for releases people are actually likely to be running (like 8.11.X and 8.12.(Y<8).) Of course, if you're still running 8.8, there's about 3 zillion OTHER issues you could exploit instead.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050510/946fc15d/attachment.bin
Powered by blists - more mailing lists