At 11:02 PM 2/9/99 +0100, Casper Dik wrote:
>
>>Consider another interesting case - there are several sendmail exploits
>>(circa 8.6) which require hardware and platform-specific eggs. We
>>obviously would have a hard time actually implementing these, and it would
>>be very difficult to make it reliable - so we do a banner check.
>
>Why do you need an egg? Just stuffing down too much data down
>sendmail's throat will make it crash. Connection closed - has bug.

If we do that, then it won't be around to check for other things. It could be done last, but at this point, if we find a sendmail that old, you just need to either shut it down or update it.

Perhaps a better example would be exploits which require local access (also a number of these in that time frame) - it would then require some sort of shell to really exploit, which isn't practical for a network scanner.

David LeBlanc
dleblancat_private
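The banner check mentioned in the quoted text, sketched as an added example (not part of the original message and not any scanner's own code). The function names, the 8.6 cut-off and the sample greetings are assumptions constructed for illustration; the check only reads the SMTP greeting, so the daemon stays up for later checks, and it returns "unknown" when the banner carries no version.

```python
import re

# Assumption for this example: anything in the 8.6 series or older is flagged,
# following the "circa 8.6" era named in the thread.
FLAG_AT_OR_BELOW = (8, 6)

# Matches e.g. "Sendmail 8.6.12/8.6.12" or a vendor form like "Sendmail SMI-8.6".
VERSION_RE = re.compile(r"\bSendmail\s+(?:SMI-)?(\d+(?:\.\d+)+)", re.I)


def greeting_lines(raw):
    """Return the text of each line of a (possibly multi-line) 220 greeting."""
    out = []
    for line in raw.splitlines():
        m = re.match(r"220([ -])(.*)", line)
        if not m:
            break                      # not a 220 reply line: stop parsing
        out.append(m.group(2))
        if m.group(1) == " ":          # "220 " (space) marks the final line
            break
    return out


def classify_banner(raw):
    """Return (verdict, version); verdict is 'flag', 'ok' or 'unknown'."""
    text = " ".join(greeting_lines(raw))
    m = VERSION_RE.search(text)
    if not m:
        # Banner hidden or customised: a banner check can infer nothing here.
        return ("unknown", None)
    version = tuple(int(p) for p in m.group(1).split("."))
    verdict = "flag" if version[:2] <= FLAG_AT_OR_BELOW else "ok"
    return (verdict, m.group(1))


# Constructed sample greetings (not captured from real hosts).
SAMPLES = [
    "220 mx.example.test ESMTP Sendmail 8.6.12/8.6.12; Tue, 9 Feb 1999 23:02:00 +0100",
    "220-mx.example.test ESMTP\r\n220 Sendmail 8.9.3 ready",
    "220 mx.example.test Sendmail SMI-8.6/SMI-SVR4 ready",
    "220 mx.example.test ESMTP ready",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_banner(s), "<-", s.splitlines()[0])
```

A "flag" verdict is an inference from what the server announces, not a confirmation that the bug is present; administrators can change or suppress the greeting.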