TAIWAN
2003-09-21, 05:30 AM
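Buffer Overflow in Sendmail (must-read for network admins: root can be obtained)
Sendmail buffer overflow vulnerability
Every OS version is at risk, including FreeBSD, Linux, Solaris and any other system that uses the Sendmail package
To download the fix for this vulnerability, follow the procedure for the OS you use, or upgrade your Sendmail version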
http://www.cert.org/advisories/CA-2003-25.html
http://www.sendmail.org
Local exploitation on little endian Linux is confirmed to be trivial
via recipient.c and sendtolist(), with a pointer overwrite leading to a
neat case of free() on user-supplied data, i.e.:
eip = 0x40178ae2
edx = 0x41414141
esi = 0x61616161
SEGV in chunk_free (ar_ptr=0x4022a160, p=0x81337e0) at malloc.c:3242
0x40178ae2 <chunk_free+486>: mov %esi,0xc(%edx)
0x40178ae5 <chunk_free+489>: mov %edx,0x8(%esi)
Remote attack is believed to be possible.
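The two mov instructions in the trace above are consistent with the free-list unlink step writing through the fd/bk fields of the chunk being freed (edx and esi). The following is an added example, not code from the post, Sendmail or glibc: a simplified model of that step beside the back-pointer check that hardened allocators perform before writing. The struct layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified free-chunk header (field names follow dlmalloc/glibc usage).
 * On 32-bit x86, fd is at offset 0x8 and bk at 0xc, as in the two mov lines. */
struct chunk {
    size_t prev_size, size;
    struct chunk *fd;   /* next chunk in the free list */
    struct chunk *bk;   /* previous chunk in the free list */
};

/* Unchecked unlink: two stores through pointers read from the chunk itself. */
static void legacy_unlink(struct chunk *p) {
    struct chunk *fwd = p->fd, *bck = p->bk;
    fwd->bk = bck;      /* mov %esi,0xc(%edx): edx = fd, esi = bk */
    bck->fd = fwd;      /* mov %edx,0x8(%esi) */
}

/* Hardened unlink: both neighbours must point back at p before any store.
 * Returns 0 on success, -1 if the list is inconsistent. */
static int checked_unlink(struct chunk *p) {
    struct chunk *fwd = p->fd, *bck = p->bk;
    if (fwd->bk != p || bck->fd != p)
        return -1;      /* a real allocator would abort() here */
    fwd->bk = bck;
    bck->fd = fwd;
    return 0;
}

/* Well-formed list a <-> b <-> c: either variant unlinks b, leaving a <-> c. */
static int intact_list_unlinks(int hardened) {
    struct chunk a = {0}, b = {0}, c = {0};
    a.fd = &b; b.bk = &a; b.fd = &c; c.bk = &b;
    if (!hardened) legacy_unlink(&b); else if (checked_unlink(&b) != 0) return 0;
    return a.fd == &c && c.bk == &a;
}

/* Constructed case: b's fd/bk no longer describe the list. Returns 1 if the check refuses. */
static int corrupted_header_is_rejected(void) {
    struct chunk a = {0}, b = {0}, c = {0}, unrelated = {0};
    a.fd = &b; b.bk = &a; b.fd = &c; c.bk = &b;
    b.fd = &unrelated; b.bk = &unrelated;     /* simulated header overwrite */
    return checked_unlink(&b) == -1 && unrelated.fd == NULL && unrelated.bk == NULL;
}

int main(void) {
    printf("%d %d %d\n", intact_list_unlinks(0), intact_list_unlinks(1),
           corrupted_header_is_rejected());
    return 0;
}
```

In the trace, edx = 0x41414141 is not a mapped address, so the first store faults inside chunk_free; the check in checked_unlink() is what turns that silent write into a detected inconsistency.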