Discussion:
sendmail exploit
(too old to reply)
migalo digalo
2005-05-10 21:50:21 UTC
Permalink
hi all;

this my first post in this mailing list;so please ...

i am doing same pen-tests ,to apply the bit of theorical knowledge i
have ,and nessus show me same 'Critical' vulnerabilities:
sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
and php older than 3.0.17 and apache olther than 2.0.x all this in
linux boxes.so i googled to get same exploits ,that WORK ,but without
any succes.
can any one help.

excuse my poor englisch ;
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
pingywon
2005-05-10 22:26:19 UTC
Permalink
Thank to you for tell us.

~pingywon


----- Original Message -----
From: "migalo digalo" <***@gmail.com>
To: <full-***@lists.grok.org.uk>
Sent: Tuesday, May 10, 2005 5:50 PM
Subject: [Full-disclosure] sendmail exploit


hi all;

this my first post in this mailing list;so please ...

i am doing same pen-tests ,to apply the bit of theorical knowledge i
have ,and nessus show me same 'Critical' vulnerabilities:
sendmail 8.8
(http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
and php older than 3.0.17 and apache olther than 2.0.x all this in
linux boxes.so i googled to get same exploits ,that WORK ,but without
any succes.
can any one help.

excuse my poor englisch ;
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
V***@vt.edu
2005-05-11 02:25:32 UTC
Permalink
Post by migalo digalo
sendmail 8.8 (http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because
that's well and truly crufty. 8.8.0 came out 1996/09/26, and 8.8.8 (the last
8.8) was 1997/10/24.

If you're really running an 8.8, most likely it isn't working because your
canned exploit only has offsets for releases people are actually likely to be
running (like 8.11.X and 8.12.(Y<8).)

Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you could exploit instead....
migalo digalo
2005-05-11 11:22:52 UTC
Permalink
Post by V***@vt.edu
Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you could exploit instead....
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that ,if that waht you mean,and yes nessus give other critical warning
about apache 1.3.12 ,the snag is there is no working exploit for thus
vulerabilities (or at least i can't found any)and i have no time to
make one by my self.
so Valdis can you give me some examples of " about 3 zillion OTHER
issues you could exploit instead....".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Ralph Angenendt
2005-05-11 11:30:35 UTC
Permalink
Post by migalo digalo
Post by V***@vt.edu
Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you could exploit instead....
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that ,
No. If it's a RH 6.2 box, the sendmail version is 8.11.6.

Ralph
Andrew Simmons
2005-05-11 11:34:04 UTC
Permalink
Hi Migalo,
Post by migalo digalo
Post by V***@vt.edu
Of course, if you're still running 8.8, there's about 3 zillion OTHER issues
you could exploit instead....
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that ,if that waht you mean,and yes nessus give other critical warning
about apache 1.3.12 ,the snag is there is no working exploit for thus
vulerabilities (or at least i can't found any)and i have no time to
make one by my self.
so Valdis can you give me some examples of " about 3 zillion OTHER
issues you could exploit instead....".
A good start would be:

http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
http://www.securityfocus.com/bid/keyword/ (search for sendmail)

You'll have to review each vuln listed to see whether it affects your
version.

cheers

Andrew


Speaking for myself only
--
Andrew Simmons
Technical Security Consultant
MessageLabs

***@messagelabs.com
www.messagelabs.com

MessageLabs - Be certain

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Dave Korn
2005-05-11 13:52:01 UTC
Permalink
----Original Message----
From: migalo digalo
hi all;
this my first post in this mailing list;so please ...
i am doing same pen-tests ,to apply the bit of theorical knowledge i
sendmail 8.8
----Original Message----
From: migalo digalo
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that
So can we conclude that the reason why you don't actually know if it's a
honeypot or not because it is not your system and you're actually trying to
break in to it, not "pen-test" it?


cheers,
DaveK
--
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Matt Andreko
2005-05-12 18:34:54 UTC
Permalink
Not to sound like a smartass, but there are such things as blind
pen-tests...
Post by Lauro, John
----Original Message----
From: migalo digalo
hi all;
this my first post in this mailing list;so please ...
i am doing same pen-tests ,to apply the bit of theorical knowledge i
sendmail 8.8
----Original Message----
From: migalo digalo
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that
So can we conclude that the reason why you don't actually know if it's a
honeypot or not because it is not your system and you're actually trying to
break in to it, not "pen-test" it?
cheers,
DaveK
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Lauro, John
2005-05-11 11:41:44 UTC
Permalink
Redhat typically patches items such as sendmail without changing the
version number ("rpm -q sedmail" to get the full redhat version). So,
many of the exploits for 8.8 probably are not there, assuming the
system was kept up2date while RedHat supported 6.2... Of course,
RedHat hasn't supported 6.2 for a long time now, so some issues are
likely unpatched...


-----Original Message-----
From: full-disclosure-***@lists.grok.org.uk
[mailto:full-disclosure-***@lists.grok.org.uk] On Behalf Of migalo
digalo
Sent: Wednesday, May 11, 2005 7:23 AM
To: full-***@lists.grok.org.uk
Subject: Re: [Full-disclosure] sendmail exploit
Post by V***@vt.edu
Of course, if you're still running 8.8, there's about 3 zillion
OTHER issues
Post by V***@vt.edu
you could exploit instead....
i think it's really a 8.8 (redhat6.2) and not a honeypot or thing like
that ,if that waht you mean,and yes nessus give other critical warning
about apache 1.3.12 ,the snag is there is no working exploit for thus
vulerabilities (or at least i can't found any)and i have no time to
make one by my self.
so Valdis can you give me some examples of " about 3 zillion OTHER
issues you could exploit instead....".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Loading...