Re: [Full-disclosure] sendmail exploit

[Andrew Simmons <asimmons@xxxxxxxxxxxxxxx>]

Hi Migalo,

migalo digalo wrote:
> > Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
> > you  could exploit instead....
>
> i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
> that ,if that waht you mean,and yes nessus give other critical warning
> about apache 1.3.12 ,the snag is there is no working exploit for thus
> vulerabilities (or at least i can't found any)and i have no time to
> make one by my self.
> so Valdis can you give me some examples of " about 3 zillion OTHER
> issues you  could exploit instead....".
>


A good start would be:

http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
http://www.securityfocus.com/bid/keyword/ (search for sendmail)

You'll have to review each vuln listed to see whether it affects your 
version.

cheers

Andrew


Speaking for myself only
--
Andrew Simmons
Technical Security Consultant
MessageLabs

asimmons@xxxxxxxxxxxxxxx
 www.messagelabs.com

MessageLabs - Be certain

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/