Re: [Full-disclosure] sendmail exploit
From: Andrew Simmons (asimmons_at_messagelabs.com)
Date: 05/11/05
- Previous message: Ralph Angenendt: "Re: [Full-disclosure] sendmail exploit"
- In reply to: migalo digalo: "Re: [Full-disclosure] sendmail exploit"
- Next in thread: Dave Korn: "[Full-disclosure] Re: sendmail exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 11 May 2005 12:34:04 +0100 To: migalo digalo <l.epsilon@gmail.com>
Hi Migalo,
migalo digalo wrote:
>>Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
>>you could exploit instead....
>>
>
> i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
> that ,if that waht you mean,and yes nessus give other critical warning
> about apache 1.3.12 ,the snag is there is no working exploit for thus
> vulerabilities (or at least i can't found any)and i have no time to
> make one by my self.
> so Valdis can you give me some examples of " about 3 zillion OTHER
> issues you could exploit instead....".
>
A good start would be:
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
http://www.securityfocus.com/bid/keyword/ (search for sendmail)
You'll have to review each vuln listed to see whether it affects your
version.
cheers
Andrew
Speaking for myself only
-- Andrew Simmons Technical Security Consultant MessageLabs asimmons@messagelabs.com www.messagelabs.com MessageLabs - Be certain ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Ralph Angenendt: "Re: [Full-disclosure] sendmail exploit"
- In reply to: migalo digalo: "Re: [Full-disclosure] sendmail exploit"
- Next in thread: Dave Korn: "[Full-disclosure] Re: sendmail exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
