[Warning] Buffer Overflow in Sendmail (must-read for network admins: root can be obtained)





TAIWAN
2003-09-21, 05:26 AM
Buffer Overflow in Sendmail (must-read for network admins: root can be obtained)
Sendmail buffer overflow vulnerability

http://www.cert.org/advisories/CA-2003-25.html

http://www.sendmail.org

Local exploitation on little endian Linux is confirmed to be trivial
via recipient.c and sendtolist(), with a pointer overwrite leading to a
neat case of free() on user-supplied data, i.e.:

eip = 0x40178ae2
edx = 0x41414141
esi = 0x61616161

SEGV in chunk_free (ar_ptr=0x4022a160, p=0x81337e0) at malloc.c:3242

0x40178ae2 <chunk_free+486>: mov %esi,0xc(%edx)
0x40178ae5 <chunk_free+489>: mov %edx,0x8(%esi)

Remote attack is believed to be possible.
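
Added example, not part of the original post or of the Sendmail or glibc sources: the two faulting `mov` instructions in the trace are the list-unlink stores inside `chunk_free`, and the sketch below models them next to a pointer-consistency check of the kind later glibc releases added to reject a corrupted chunk header. The `struct chunk` layout, function names and test scenario are simplified assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified free-chunk header (assumed layout, modelled on dlmalloc). */
struct chunk {
    size_t prev_size, size;
    struct chunk *fd;              /* offset 0x8 on 32-bit x86 */
    struct chunk *bk;              /* offset 0xc on 32-bit x86 */
};

/* Unchecked unlink, i.e. the two stores shown in the trace:
 *   mov %esi,0xc(%edx)  ->  FD->bk = BK   (edx = FD, esi = BK)
 *   mov %edx,0x8(%esi)  ->  BK->fd = FD                        */
static void unlink_unchecked(struct chunk *p)
{
    struct chunk *FD = p->fd, *BK = p->bk;
    FD->bk = BK;
    BK->fd = FD;
}

/* Checked unlink: both neighbours must point back at p before any store.
 * Returns 0 on success, -1 if the header looks corrupted. */
static int unlink_checked(struct chunk *p)
{
    struct chunk *FD = p->fd, *BK = p->bk;
    if (FD == NULL || BK == NULL || FD->bk != p || BK->fd != p)
        return -1;
    FD->bk = BK;
    BK->fd = FD;
    return 0;
}

/* Constructed scenario: a valid three-chunk ring, then a corrupted header. */
static int demo(void)
{
    struct chunk a = {0}, b = {0}, c = {0}, x = {0}, y = {0};
    a.fd = &b; b.fd = &c; c.fd = &a;
    a.bk = &c; b.bk = &a; c.bk = &b;
    if (unlink_checked(&b) != 0 || a.fd != &c || c.bk != &a) return 1;

    /* Overwritten header: fd/bk now name unrelated objects x and y. */
    b.fd = &x; b.bk = &y;
    if (unlink_checked(&b) != -1 || x.bk != NULL || y.fd != NULL) return 2;

    unlink_unchecked(&b);          /* legacy path: the stray stores land */
    if (x.bk != &y || y.fd != &x) return 3;
    return 0;
}

int main(void) { printf("demo -> %d\n", demo()); return 0; }
```

With the register values in the trace (`edx = 0x41414141`, `esi = 0x61616161`) both pointers come from the overwritten header, which is why the first store faults.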