【警告】Buffer Overflow in Sendmail (網管必讀-可取得root) Buffer Overflow in Sendmail (網管必讀-可取得root) Sendmail 緩衝區溢出漏洞 [url]http://www.cert.org/advisories/CA-2003-25.html[/url] [url]http://www.sendmail.org[/url] Local exploitation on little endian Linux is confirmed to be trivial via recipient.c and sendtolist(), with a pointer overwrite leading to a neat case of free() on user-supplied data, i.e.: eip = 0x40178ae2 edx = 0x41414141 esi = 0x61616161 SEGV in chunk_free (ar_ptr=0x4022a160, p=0x81337e0) at malloc.c:3242 0x40178ae2 <chunk_free+486>: mov %esi,0xc(%edx) 0x40178ae5 <chunk_free+489>: mov %edx,0x8(%esi) Remote attack is believed to be possible. |
所有時間均為 +8。現在的時間是 02:15 PM。 |
XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。