<<< Date Index >>>     <<< Thread Index >>>

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)



Eric Allman wrote:
I know the guy who exploited it.  He's better than you think he is.


I'm sorry, I was not trying to imply in any way that Mark was blowing smoke. I believe he can do it. Take my statement literally: /we/ don't /see/ how it can be practical. Perhaps I should have said "understand" instead of "see". The point was that this is not a trivial problem to exploit. But yes, I do believe it is real, and I think (hope) I made that clear in my message.

2 public exploits and counting.

        Gadi.