RE: [Full-disclosure] sendmail exploit
Redhat typically patches items such as sendmail without changing the version number ("rpm -q sendmail" to get the full redhat version). So, many of the exploits for 8.8 probably are not there, assuming the system was kept up2date while RedHat supported 6.2... Of course, RedHat hasn't supported 6.2 for a long time now, so some issues are likely unpatched...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of migalo digalo
Sent: Wednesday, May 11, 2005 7:23 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] sendmail exploit

> Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
> you could exploit instead

I think it's really an 8.8 (redhat6.2) and not a honeypot or thing like that, if that's what you mean, and yes, nessus gives other critical warnings about apache 1.3.12. The snag is there is no working exploit for these vulnerabilities (or at least I can't find any) and I have no time to make one by myself.

So Valdis, can you give me some examples of "about 3 zillion OTHER issues you could exploit instead".

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] sendmail exploit
Hi Migalo,

migalo digalo wrote:

> > Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
> > you could exploit instead
>
> I think it's really an 8.8 (redhat6.2) and not a honeypot or thing like that, if that's what you mean, and yes, nessus gives other critical warnings about apache 1.3.12. The snag is there is no working exploit for these vulnerabilities (or at least I can't find any) and I have no time to make one by myself.
>
> So Valdis, can you give me some examples of "about 3 zillion OTHER issues you could exploit instead".

A good start would be:

http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
http://www.securityfocus.com/bid/keyword/ (search for sendmail)

You'll have to review each vuln listed to see whether it affects your version.

cheers
Andrew

Speaking for myself only

--
Andrew Simmons
Technical Security Consultant
MessageLabs
[EMAIL PROTECTED]
www.messagelabs.com
Re: [Full-disclosure] sendmail exploit
migalo digalo wrote:

> > Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
> > you could exploit instead
>
> I think it's really an 8.8 (redhat6.2) and not a honeypot or thing like
> that,

No. If it's a RH 6.2 box, the sendmail version is 8.11.6.

Ralph
Re: [Full-disclosure] sendmail exploit
> Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
> you could exploit instead

I think it's really an 8.8 (redhat6.2) and not a honeypot or thing like that, if that's what you mean, and yes, nessus gives other critical warnings about apache 1.3.12. The snag is there is no working exploit for these vulnerabilities (or at least I can't find any) and I have no time to make one by myself.

So Valdis, can you give me some examples of "about 3 zillion OTHER issues you could exploit instead".
Re: [Full-disclosure] sendmail exploit
On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said:

> have, and nessus shows me some 'Critical' vulnerabilities:
> sendmail 8.8
> (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)

Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because that's well and truly crufty. 8.8.0 came out 1996/09/26, and 8.8.8 (the last 8.8) was 1997/10/24.

If you're really running an 8.8, most likely it isn't working because your canned exploit only has offsets for releases people are actually likely to be running (like 8.11.X and 8.12.(Y<8).)

Of course, if you're still running 8.8, there's about 3 zillion OTHER issues you could exploit instead
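The check that Valdis's hint and the earlier note about Red Hat backporting fixes without changing the version number both point at, compared against what the scanner reported, as an added example that is not from the thread. The NVR string, changelog text and advisory id are constructed placeholders, and it assumes the packager recorded the advisory id in the changelog.

```shell
#!/bin/sh
# Added example: triage a banner-based scanner finding against the RPM database.
# On a live host the inputs would come from:
#   rpm -q sendmail              -> name-version-release (NVR)
#   rpm -q --changelog sendmail  -> packager changelog, where backports are noted

# Constructed sample changelog; the advisory id is a placeholder, not a real CVE.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com>
- backport upstream fix for CVE-0000-0000 without rebasing
EOF
}

# Print "version release" for an NVR. The package name may contain hyphens,
# so peel fields off the right-hand side.
nvr_split() {
    release=${1##*-}
    rest=${1%-*}
    printf '%s %s\n' "${rest##*-}" "$release"
}

# triage NVR BANNER_VERSION ADVISORY_ID   (changelog text on stdin)
# Prints one verdict: banner-mismatch, fixed-by-backport or unverified.
triage() {
    pkg_version=$(nvr_split "$1" | cut -d' ' -f1)
    changelog=$(cat)
    case $pkg_version in
        "$2"|"$2".*) ;;                        # scanner and package agree
        *) echo "banner-mismatch"; return 0 ;; # resolve this before anything else
    esac
    if printf '%s\n' "$changelog" | grep -qiF -- "$3"; then
        echo "fixed-by-backport"   # changelog records a fix for this advisory
    else
        echo "unverified"          # no record of a fix: treat the finding as open
    fi
}

# Constructed NVR: the scanner claimed 8.8 but the installed package is 8.11.6.
sample_changelog | triage "sendmail-8.11.6-0.example" "8.8" "CVE-0000-0000"
```

A `banner-mismatch` verdict means the scanner's fingerprint and the package database disagree about what is installed, so the finding should not be closed or escalated until that is explained.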
Re: [Full-disclosure] sendmail exploit
Thank you for telling us.

~pingywon

- Original Message -
From: "migalo digalo" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 10, 2005 5:50 PM
Subject: [Full-disclosure] sendmail exploit

Hi all;

This is my first post in this mailing list, so please ...

I am doing some pen-tests, to apply the bit of theoretical knowledge I have, and nessus shows me some 'Critical' vulnerabilities:

sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
and php older than 3.0.17
and apache older than 2.0.x

all this in linux boxes. So I googled to get some exploits that WORK, but without any success.

Can anyone help.

Excuse my poor English;