25 Mar
2006
25 Mar
'06
9:09 p.m.
On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said:
There are two exploit code samples I saw. There are two remote exploits for one of them so far that are public that I know of.
There's exploits for the race condition. I was *specifically* talking about the integer overflow, which looks pretty damned hard to exploit unless the victim site deliberately recompiled their sendmail binary with a very sub-optimum configuration. But then, you'd know that if you either actually *looked* at what I wrote, or looked at the diff of the 8.13.[56] trees.